Aviva Zacks of Safety Detective had the opportunity to meet with Raz Rafaeli, CEO and Co-Founder of Secret Double Octopus. She asked him how his company is helping to eliminate the need for passwords.
SD: How did you get into cybersecurity and what do you love about it?
Raz Rafaeli: I’m an engineer by training and have been a tech CEO/entrepreneur for many years now. We started Secret Double Octopus after a team of computer security researchers from Ben-Gurion University came up with a brilliant way of protecting authentication mechanisms. They then joined forces with the other co-founders, including myself, bringing in extensive real-world engineering and management experience gained in very large companies.
What I particularly love about what we do is the ability to change how people think of cybersecurity. We’re not selling yet another layer of defense that people buy out of (usually justified) fear, and quickly forget about once installation is done. What we’re offering is an elegant and innovative solution which not only protects companies better but perhaps, more importantly, saves a lot of headache (and money) for IT managers and CISOs in large organizations from day one.
SD: Tell me about how your company is eliminating the need for passwords.
RR: As many people already realize, passwords are quickly becoming more of a liability than a protection. There are many contributing factors for that – the challenges of managing multiple authentication methods across the enterprise, the user-related risks like phishing attacks or colleagues sharing passwords, and hackers who are determined to steal credentials or hack standard authentication mechanisms. We at Secret Double Octopus offer a new approach that completely circumvents all password-related vulnerabilities in the first place. Our passwordless solution not only removes the threat of most corporate cyberattacks, but also makes authentication throughout the enterprise faster and easier for both IT teams and end-users. We do that by combining an innovative mechanism that replaces standard passwords in the back end, and a high-assurance state-of-the-art authenticator in the user’s hand. Together with the ability to integrate with almost any popular business system, on-prem or in the cloud, this makes for a transformative solution for enterprise environments everywhere.
SD: What are the worst cyberthreats today?
RR: It’s a tough competition, but for large companies the answer is clear. We know that more than 80% of data breaches are caused by somehow leveraging weak, stolen or cracked passwords (that’s from Verizon’s research). And we also know that a huge portion of corporate breaches uses phishing attacks at some point along the way. In the huge ocean of cyber threats and attack tactics, the one constant factor is that it’s always easier to try the front door first, so to speak. By that, I mean taking advantage of the way legitimate users access company assets. Once there, attackers can go on to do whatever they wish, usually without being noticed for a while. So I’d say that the worst cyberthreat is not ultra-sophisticated hackers breaking sophisticated cybersecurity, scary as it may be, but rather the prevalent methods of attacking frail authentication systems.
SD: Has COVID-19 changed your company’s focus?
RR: Our focus has always included remote employee access since this is a very common scenario for most of our clients and one that requires the highest security. But we definitely saw the market reacting to the pandemic in the last couple of months with a big increase in companies, analysts, and news outlets looking into our passwordless solution for remote employees.
SD: How is COVID-19 changing cybersecurity forever?
RR: First and foremost – the increase in remote work and enterprise decentralization in general is here to stay. It obviously didn’t start with the COVID-19 crisis, but these months have demonstrated that organizations must prioritize their flexibility in providing secure access for all employees wherever they are. This is not just a continuity and uptime issue but also corresponds to technological and social trends that were brewing for a long time. In terms of security, this means better-protected VPNs and cloud services, further embracing of zero-trust paradigms within companies, improving incident response times, and minimizing the exposure to the most common and damaging threats like phishing and man-in-the-middle attacks. Additionally, times of economic hardship tend to encourage malicious actors and make them more aggressive and resourceful. We all hope that we’ve seen the worst of this crisis, in all aspects, but it’s clear today more than ever that companies shouldn’t delay in strengthening their security posture.