These Security Technologies are Outdated | CSO Online

AuditBoard is making a significant shift away from using password-based security controls, according to CISO Marcus since 2024. Instead, the company is opting for dynamic methods of user authentication. Marcus stated, “When we select a provider, we openly say that we do not want to use static authentication methods such as passwords or tokens. However, we must be realistic: if it is not feasible with certain products, the passwords used must be changed regularly. Static credentials have become the exception for us.”

This move towards dynamic authentication methods reflects a growing trend in the cybersecurity industry to move away from traditional password-based security measures. By prioritizing dynamic authentication, AuditBoard aims to enhance its security posture and adapt to evolving cyber threats in a more proactive manner.

Attila Torok, the CISO at software provider GoTo, also challenges the effectiveness of scheduled penetration tests. He believes that conducting penetration tests once or twice a year to meet compliance or vendor requirements is outdated and inadequate for assessing a company’s true security posture. Torok explained, “It is not suitable for effectively evaluating the actual security situation of a company. It is more of a snapshot. The environment at GoTo is constantly changing: we modify our code multiple times a day – an annual penetration test would be pointless and costly.”

Despite his skepticism towards scheduled penetration tests, Torok recognizes the value of ongoing vulnerability assessments. He emphasized the importance of a dynamic approach to penetration testing for environments that are constantly evolving and changing. By conducting regular vulnerability assessments, GoTo can proactively identify and address security vulnerabilities in their environment, ensuring continuous protection against potential threats.

The shift towards dynamic penetration testing reflects a broader industry shift towards more proactive and adaptive cybersecurity measures. By moving away from traditional, static security controls like passwords and scheduled penetration tests, companies like AuditBoard and GoTo are staying ahead of emerging cyber threats and better safeguarding their sensitive data and assets.

Overall, the emphasis on dynamic authentication methods and ongoing vulnerability assessments highlights the importance of adopting a proactive approach to cybersecurity. In a constantly evolving threat landscape, organizations must adapt their security practices to effectively mitigate risks and protect against cyber threats. By embracing dynamic security measures, companies can enhance their security posture and strengthen their resilience against evolving cyber threats.
