A hacker turned CEO says corporations are pouring too much money into cybersecurity and they are often too slow to realize that some of their biggest vulnerabilities are the easiest ones to protect.
Worldwide spending on cybersecurity is expected to reach $124 billion in 2019, up from $114 billion last year. But Duo Security CEO and co-founder Dug Song said all that money is misspent.
“I think there is too much funding going into cybersecurity today. Cybersecurity is way overhyped in that a lot of these breaches happen due to the basics that we’re getting wrong,” said Song of Duo Security, which provides two-factor authentication systems to 15,000 clients and is a business unit of Cisco Systems (CSCO).
Those basics are phishing scams, stolen passwords and employees using devices that are not up to date or patched. Stolen user credentials are a leading cause of breaches and are a growing problem in an increasingly mobile workforce.
“Attackers, smart attackers are going after people not just systems,” Song said. “And all the work we have done to secure our networks, applications and devices, now attackers are bypassing that and going after users.”
Song is pretty good at getting into the mind of a hacker. That’s because he was one. Song was a founding member of the hacking group w00w00, which also included WhatsApp co-founder Jan Koum and Napster co-founder Sean Parker. From 1996 through the early 2000s, w00w00 described themselves as "the largest nonprofit security team in the world."
Now as the head of Duo Security, Song said many leaders experience a sense of fatalism when it comes to cybersecurity. He said that doesn’t have to be the case if companies take the right steps to protect users, like allowing only verified users on safe devices to have access to their systems. The bottom line is it’s about spending money wisely.
Joanna Campione is a producer for Yahoo Finance On the Move.