Okta CEO Todd McKinnon on Lapsus$ cybersecurity breach

Hello and welcome to Protocol Enterprise! Today: Okta CEO Todd McKinnon told Protocol what went wrong with the Lapsus$ breach and why it won’t happen again, ServiceNow made a bold revenue promise, and college students rebuilt a legendary World War II codebreaking machine in a semester using modern technology.

Rotate

Communication problems may be the easiest entry point for AI technologies into core business. According to new research from Red Box, 42% of business leaders think AI can help them understand accents and different languages, a vexing problem for customer support organizations.

Please, just use MFA

Okta co-founder and CEO Todd McKinnon agrees with you: Disclosure of a breach affecting customer data shouldn’t take several months.

In January, the hacker group Lapsus$ found its way onto the laptop of an engineer at a third-party Okta support provider, an intrusion initially thought to have given the group access to potentially hundreds of Okta customers. A later investigation, drawing on additional information, found that only two customers were affected, according to Okta.

But the breach itself was never the main concern. Many took issue with the fact that Lapsus$, not Okta, told the world about the incident, posting screenshots as evidence on Telegram in March. This raised more than a few questions about Okta’s handling of the months-old breach.

Protocol spoke to McKinnon about customer concerns, how the impact of the breach turned out to be smaller than previously feared, and the security changes Okta made in response.

This interview has been edited and condensed for clarity. A longer version can be found here.

Looking back on Okta’s handling of the incident, what did you do better?

The main thing on my mind is to make all the environments completely secure for the people who support Okta. We’ve put a lot of effort into making sure Okta’s product and platform are safe, and then making sure Okta employees work in safe environments. The third-party support organization is in another ring outside of it. So we need to make sure that’s safe too.

Sitel didn’t use Okta, and that’s part of the problem?

Exactly. We know this after the fact, because they brought in a forensic firm to do a full analysis of the breach. What we learned there was, the original way the attacker got in was through the VPN gateway, which had no multifactor authentication. So the most important thing you do when you implement Okta is you make sure all of your systems, whether it’s email, or VPN, or your SaaS apps, or your cloud infrastructure – all use a strong authentication policy. And MFA is the main one [policy] there. And then once [Lapsus$] got in, they used a bunch of vulnerabilities in Windows to move around and escalate privileges. They also got access to Office 365 – because again, it didn’t have multifactor authentication. One of the main things Okta does is it puts multifactor authentication on Office 365. So it’s very ironic.

It went from a five-day incident that could potentially have affected 366 customers to a 25-minute incident that affected two customers. Can you explain the difference there, why this is such a big change?

This is [due to having] additional information. There are two [investigation] reports. There is the original report made for Sitel. And then there’s the report we sent to our customers, made by another company, with access to all the forensic information on both sides – Okta and everything inside Sitel.

The original report, which established the five days and the 366 customers – the forensics firm did not understand the potential impact on Okta. So they didn’t study all the detailed forensics that could narrow down this impact. They only saw which machines were compromised and which Office 365 accounts were compromised. So we are really grateful to Sitel for cooperating and providing that information to this third party, to narrow down the impact.

One of the things I’m proud of is that, I think throughout it, we made decisions that were helpful for customers. It’s really easy, after the first 24 hours, to take an overly optimistic and narrow view of what the impact might be – because none of us have all the information; it comes out over time. We could easily say, “Probably just a few customers” – hoping that’s true. But we said, “The whole, highest potential impact is these 366 customers,” knowing there’s probably a 99% chance it’s going to be less than that.

As you said, it’s not a common reaction of customers to feel concerned about Okta’s handling of the disclosure.

I understand why they thought that. Because whether it’s Okta, or a partner, or a third party – when there’s a compromise like this where the attacker can see any kind of Okta support information, or customer user IDs, or email addresses – if that happens in January, it can be seen [why] customers [who] did not know about it [until] March [would be concerned].

So the first step, as I mentioned, is: We can’t use the support application in insecure environments. We need to make sure we are not in that situation. And the second step is: If there are any issues, we need to make sure we follow up on them. [In the January incident] our security operations center detected a failed account takeover attempt, and we notified the third party that something was happening. Today, failed account takeover attempts happen often. But if we see one of these in our own environment, we [need to] make sure we track it down and make sure nothing happens there.

The most important thing in all of this is that customers understand how seriously we are [taking this] and that we make sure it doesn’t happen again.

– Kyle Alspach (email | kaba)


ServiceNow doubles in Vegas

LAS VEGAS – The software industry is in the midst of a turbulent time. But at ServiceNow, CEO Bill McDermott is nothing but optimistic about the vendor’s outlook.

On Tuesday, at a company conference in Las Vegas, McDermott outlined new financial targets. ServiceNow now expects to reach $11 billion in revenue before FY 2024, higher than the $10 billion previously predicted by McDermott. It also expects to reach $16 billion in FY 2026, up from a previous estimate of $15 billion.

“We couldn’t be more excited or more positive about where ServiceNow is going,” McDermott said. The company has “established itself as a solid platform.”

The numbers are clearly an attempt by McDermott, the consummate salesman, to separate ServiceNow from other software companies like Zoom that saw a boom in pandemic sales but are now having a hard time maintaining that momentum.

The rosy estimates come as ServiceNow aggressively expands beyond its core IT business into new areas such as low-code application development and ERP, as well as industry segments such as manufacturing, which helps the company sell higher-priced contracts.

Under McDermott, the company has also forged fruitful partnerships with industry giants, large consulting firms and up-and-coming vendors such as Microsoft, KPMG and Celonis.

The proof – at least, for now – is in the numbers. ServiceNow continues to report strong financial results. In the three months to March, total revenue grew to a better-than-expected $1.72 billion. However, its stock has dropped 40% since a November 2021 high amid a wider sell-off of software stocks on Wall Street.

– Joe Williams (email | kaba)

Spies like them

During WWII, an Allied intelligence project called Ultra helped decipher messages the Nazis sent through their Enigma encryption machine. The project was so important to the Allies’ success on the battlefield that its existence was not disclosed to the public until decades later.

Earlier this month, three students taking a microcontroller design course at Cornell recreated the machine the Allies used to decrypt messages encoded with the Enigma machine, on a hardware platform built around a field-programmable gate array, or FPGA. Called the Bombe, the original design was developed by Alan Turing in the UK. A recent attempt to build a replica took 13 years, but the students made their version in a semester.

According to the students, the goal of their project was to see how quickly a digital version of the original mechanical device would decrypt Enigma messages.

To do this, they coded a version of the Enigma machine (the Bombe is essentially multiple Enigmas combined) and then implemented a version of the original decryption algorithm on modern hardware. Doing so “greatly shortened the computation time,” the students wrote. The system appears relatively simple to use, and requires one manual step to retrieve the final decrypted message which, given more time, could be automated.
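To make concrete what “coding a version of the Enigma machine” involves, here is an added example (not the Cornell students’ code) of a minimal Enigma I simulator together with the crib-alignment check the Bombe attack starts from: because the reflector has no fixed points, Enigma never encrypts a letter to itself, so a known plaintext fragment (a crib) can only sit at ciphertext offsets where no letter coincides. It assumes rotors I, II, III, reflector B and ring settings all at A; the wirings are the historical ones.

```python
# Added example, not code from the project described above.
# Assumptions: Enigma I with rotors I, II, III, reflector B, ring settings 'A'.
from string import ascii_uppercase as A

ROTORS = {  # historical Enigma I wirings and their turnover notches
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


def enigma(text, order=("I", "II", "III"), start="AAA", plugboard=""):
    """Encrypt or decrypt `text` (A-Z only). Enigma is self-reciprocal,
    so calling this again with the same settings undoes it."""
    wires = [ROTORS[r][0] for r in order]
    notch = [A.index(ROTORS[r][1]) for r in order]
    pos = [A.index(c) for c in start]            # left, middle, right rotor
    plug = dict(zip(A, A))
    for pair in plugboard.split():               # e.g. "AB CD" swaps A<->B, C<->D
        plug[pair[0]], plug[pair[1]] = pair[1], pair[0]
    out = []
    for ch in text:
        # Rotors step before each letter; the middle rotor "double-steps"
        # when it is sitting on its own notch.
        if pos[1] == notch[1]:
            pos[0] = (pos[0] + 1) % 26
            pos[1] = (pos[1] + 1) % 26
        elif pos[2] == notch[2]:
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26
        c = A.index(plug[ch])
        for i in (2, 1, 0):                      # right to left, forward wiring
            c = (A.index(wires[i][(c + pos[i]) % 26]) - pos[i]) % 26
        c = A.index(REFLECTOR_B[c])
        for i in (0, 1, 2):                      # left to right, inverse wiring
            c = (wires[i].index(A[(c + pos[i]) % 26]) - pos[i]) % 26
        out.append(plug[A[c]])
    return "".join(out)


def crib_offsets(crib, ciphertext):
    """Bombe pre-step: a crib can only align at offsets where no crib
    letter equals the ciphertext letter beneath it."""
    return [i for i in range(len(ciphertext) - len(crib) + 1)
            if all(a != b for a, b in zip(crib, ciphertext[i:]))]
```

With all settings at A, `enigma("AAAAA")` gives `BDZGO`, the standard check value for this rotor set.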

– Max A. Cherney (email | kaba)


Thanks for reading – see you tomorrow!
