How can companies balance the need for strict cyber security measures with people’s expectations of a seamless user experience?
In a recent discussion with Dan Haagman, CEO of Chaleit, experts Justin Soong, CEO of AuthSignal, and Sasha Biskup, former CISO of Fitbit and Director of Information Security at LinkedIn, explored the competing demands of business goals, security imperatives, user experience considerations, and the global landscape of privacy regulations.
Join the conversation and explore the key takeaways below.
The tension between risk and revenue
One of the central themes of the conversation was the inherent tension between security measures and revenue generation.
Justin highlighted the persistent challenge of credential-stuffing attacks. Drawing from his experience in a previous role where such an attack went undetected for months, he underlined the need for robust technical controls and the importance of effective communication within businesses.
Sasha shared his experience at Fitbit, where credential stuffing led to significant warranty fraud issues. Protecting the brand was a resource-intensive process that involved replacing products and implementing better password policies.
Staying ahead of bad actors is like a cat-and-mouse game in which you must constantly develop new detection methods, Sasha emphasised.
However, many organisations are reluctant to implement stringent security measures due to fears of revenue loss and negative impacts on customer experience, Justin explained. This reluctance often results in poor consumer outcomes, a challenge he addressed by founding AuthSignal.
Towards a frictionless user experience
Justin’s solution, “a simple API product that the largest companies can safely put into their customer journey,” aims to enhance security efficiently without compromising user experience.
“If I could have built a microservice or integrated into a service like AuthSignal, it just would have saved my life,” Sasha admitted, echoing his previous experiences and highlighting the benefits of seamless security solutions.
The overarching goal in cyber security, as explained by both experts, is to create a seamless user experience where protections are invisible yet effective. This approach parallels advancements in vehicle emission laws, where the technology works efficiently without requiring user intervention.
By reducing friction and integrating security into all processes, cyber security professionals can better protect consumers and businesses alike.
Varying degrees of maturity in global privacy issues
A challenge in cyber security is that privacy protection and data regulation frameworks vary in maturity across countries. As a result, regulations, user education, and the implementation of security controls all differ from region to region.
For example, in the UK and Europe, mature financial services regulations and educated user bases ensure a unified approach to security, reducing the risk of losing user trust.
On the other hand, in regions like Australia and New Zealand, less mature privacy frameworks lead to varied security practices.
In New Zealand, for instance, minimal penalties for privacy breaches often result in companies opting for less stringent controls to avoid high costs.
This discrepancy between regions highlights the challenges in achieving uniform data protection standards worldwide.
The impact of generative AI on security
Generative AI presents both opportunities and significant risks in cyber security.
AI technology, while offering creative benefits, also provides new tools for bad actors, requiring open conversations about improving current security controls.
Justin expressed concerns about AI’s ability to clone voices, making traditional security measures like voice biometrics unreliable.
Sasha added that real-time AI emulation of executives by red teams in major tech companies demonstrates the serious threats posed by AI advancements.
In response to these challenges, Justin discussed the potential of deterministic ways to create trust, such as Passkeys using Public Key Infrastructure (PKI) and asymmetric cryptography. This technology, supported by industry giants such as Apple and Google, simplifies complex security protocols into user-friendly solutions.
By integrating cryptography into customer journeys, companies can enhance security without compromising the user experience. Sasha supported Justin’s view, noting that such innovations prove that security controls can be both practical and widely accepted by users.
Seamless integration and collaboration
Cyber security professionals must strive to seamlessly integrate security measures into business operations and product development.
Justin and Sasha both advocated for a collaborative approach, encouraging security teams to partner with product and engineering teams to augment customer journeys and internal processes with frictionless yet robust security controls.
In recent interviews, other experts highlighted the need for closer collaboration to improve security. Payment security expert Neira Jones named lack of cooperation one of the top concerns in 2024, while award-winning cyber security leader Jane Frankland explained the power of partnership in cultivating a sustainable future for cyber security.