Sitting down with Acceptto’s CEO Shahrokh Shahidzadeh, Aviva Zacks of Safety Detective had the opportunity to ask about Acceptto eGuardian, which provides passwordless authentication and post-authorization anomaly detection.
SD: How did you get involved in cybersecurity and what do you love about it?
SS: I studied Computer Engineering and didn’t start out as an IT guy. I began my career as a microprocessor designer at Intel. I worked there for 25 fun years, with my first project being a game-changing Intel processor called P6. During my second project there as the manager of the Page Miss Handler (PMH) unit, I was able to get involved with security and work with some talented peers who were working with OSVs. Over the years, I gravitated to platform security and chips security features, to secure boot and platform trust as the middle layer eventually working on device and identity access management. I worked on a project called Ambient Intelligence Research (AIR) which was about anomaly detection in a physical space and when I joined Acceptto I was able to apply those same fundamentals to cyber and focus in on anomaly detection at authentication and post-authorization by using behavioral modeling, and that was what really enabled us to push Acceptto’s approach as a thought leader in the space.
SD: What is Acceptto’s flagship product?
SS: Our flagship product is Acceptto eGuardian. Acceptto’s philosophy derives from the concept that authentication needs to be a continuum. With eGuardian, we are able to provide passwordless authentication and post-authorization anomaly detection serving continuous analysis during the lifecycle of the session. We achieve this by monitoring user behavior not only at the moment of authentication but also throughout the session to provide organizations with continuous protection alongside a secure, seamless user experience.
SD: What verticals/industries would be interested in your company’s products?
SS: We currently serve customers in healthcare, financial services, education, and cybersecurity industries, as well as of course any public or private enterprises that deal with Authentication, Authorization, fraud, or has needs for passwordless, and analytics-centric authentication solutions.
SD: What are the worst cyberthreats out there today?
SS: The worst Cyber threats are the ones that you don’t know about, bringing your business to a halt with a huge financial and brand impact. Credential exploitation, derived from passwords and other weak binary 2FA and MFA including biometrics, is the biggest attack surface and one of the cheapest to exploit for attackers. For $100, attackers can buy a password database in the dark market and achieve an ROI of several thousand percent.
Over the years, password attacks ranging from brute force to phishing have evolved and in the last 5 years were responsible for 75 to 81% of breaches. The FBI Internet Crime Complaint Center estimates that the complaints they have received cost organizations $2.1 Billion. In 2020, we can only expect costs to increase given that 8 Billion credentials have already been stolen this year alone.
The next biggest threat is misconfiguration. Internal and shadow IT organizations face a daunting challenge of sprawling infrastructure, combined with security controls that lose their efficiency over time often leads to insecure configurations.
This prevents companies from adopting a zero-trust attitude and consumes precious IT resources that are hard to find and train.
Having said that, the threat landscape changes rapidly with attackers adopting AIML to quickly exploit the security industry’s weaknesses and vulnerabilities.
That combined with the potential delay between an incident and its discovery, makes it difficult to determine what are the most pressing threats that companies are facing.
SD: Where is cybersecurity headed in the next few years?
SS: The good news is that cybersecurity is becoming a principal business initiative. There are a number of enterprises where the executive suite and the board are actively sponsoring their CISOs and CIOs in the hunt to kill threats like passwords and other outdated binary authentication mechanisms, all in the light of that inevitable breach around the corner that can result in a brand black eye that can be financially devastating.
If we don’t, then we are headed towards a breaking point. As breaches and cyber-attacks continue to increase in scope and number, we will have to acknowledge what we already know today and have known for quite some time: we can no longer rely on the insecure password authentication or other binary systems that are currently the basis of all security.
The means to replace these systems are here. However, the onus is on Security and IT professionals to recognize the unacceptable level of security inherent to the password system and move to change it. The more quickly the industry is able to adapt and embrace the power of anomaly detection solutions powered by biobehavioral analysis like Acceptto’s own, the more secure this new paradigm will become, empowered by the increasing amounts of data available.
SD: How will Covid-19 change the face of cybersecurity for the future?
SS: The short-term results are obvious: we are seeing data breaches and cyber-attacks announced as a direct result of the pandemic potentially for years to come. Businesses already contending with cyber threats brought on by the dramatic and unforeseen shift to work from home, will also have to deal with the threats brought on by the COVID-19 news cycle. Increases in phishing attacks that take advantage of the wave of information being put out as a result of COVID-19, especially in mimicking the wave of financial, health, and legal notifiers, including recent PPE and economic stimulus relief plans, have already occurred.
However, while this will no doubt lead to insecurity across many industries, the pandemic is ultimately a trial by fire, one which will leave future-thinking firms more prepared than ever before to securely and quickly adapt their services to a range of network options.