Okta CEO explains what companies need most to repel cyberattacks

Brad Smith and Seana Smith
0
In this article:

Hackers are stepping their game up — especially in the age of AI — as more and more companies report being targets of cyberattacks or ransomware hacks. Cybersecurity and multi-factor authentication systems, a service that Okta (OKTA) provides, are becoming more integral to keeping corporate employees and customers safe.

Okta CEO Todd McKinnon details the growing importance of identity management as cyberattack activity surges, particularly in a major election year.

"When you talk about identity-based attacks, I think the first challenge is knowing the breadth of the accounts and the identities companies have in their ecosystem," McKinnon tells Yahoo Finance. "So, when you're talking about a company's corporate IT environment, especially for a sizable company, any one over... a couple hundred employees, it's pretty daunting to know all of the systems and networks and SaaS applications and datacenters and servers in those data centers — trying to get a catalog of it all."

For more expert insight and the latest market action, click here to watch this full episode of Yahoo Finance Live.

Editor's note: This article was written by Luke Carberry Mogan.

Video Transcript

BRAD SMITH: Companies across industries continue to navigate challenges of ransomware attacks. Just this year, Russian-backed attackers have targeted two major companies, UnitedHealth Group's Change Healthcare and tech titan Microsoft. For more on the rise in cybercrime, we're joined by Todd McKinnon who is the Okta co-founder and chief executive officer. Todd, great to speak with you as always and scratch-- we'll get some time with you. First and foremost, what is really prompting this rise in cyber attacks that we're seeing and additional threats?

TODD MCKINNON: Well, as an industry, and an economy, and a society move more and more information and transactions online and reap the benefits of that, and ease of use and productivity for our companies, that's also where the bad guys can make money. And that's where they're going after these things. You mentioned a couple of examples. And it's where the money is, it's where the vulnerabilities are, and that's where they're going. And that's what we have to do as an industry is defend that.

SEANA SMITH: So Todd, how do you defend that? How do you navigate what is an escalation here within the landscape? And then also on the flip side, just what does that then doing for demand for your product? Do you think it would be a real uptick in demand?

TODD MCKINNON: Well, the cybersecurity industry as a whole is a large and growing industry. The specific part of it we play in, which is called the identity management part of cybersecurity is even more important than it was 5 years ago or 10 years ago. And that's because as more things move online, the old technologies like firewalls and virtual private networks aren't going to cut it. You have to have a strong identity system.

And when you look at these attacks, in fact, you mentioned a couple of examples, the Microsoft attack or the UnitedHealthcare Group attack, over 80% of them involve a compromised identity. So somewhere in that chain of attack, there's an account that's taken over. There's a insecure password that's used that the threat actors compromise and use that to either initially land the attack or to promote the attack within the infrastructure. So identity is a big part of the defense and that's why we're so important to our customers stepping up, helping them defend themselves against these identity-based attacks.

BRAD SMITH: You know, Todd, when we think about how much we've all, kind of, leaned into two-factor authentication as we need more safety, how far away are we from now having to think about three-factor authentication?

TODD MCKINNON: I think there's-- when we talk about identity-based attacks, I think the first challenge is knowing the breadth of the accounts and the identities companies have in their ecosystem. So when you're talking about a company's corporate IT environment, especially for a sizable company, anyone over a couple hundred employees, it's pretty daunting to know all of the systems, and networks, and SaaS applications, and data centers, and servers in those data centers trying to get a catalog of it all and comprehensively have a way and an approach to manage all of that. That's the first challenge.

And then the second challenge, as you mentioned, is not only to make sure that there's the right types of authentication methods on those accounts. Making sure they're very secure like the modern authentication methods aren't passwords, it's things like biometrics. So you can just log into your system by using your fingerprint or a face ID.

Passwords are really not the modern way to do it. They're the most vulnerable, they're most secure. So comprehensive knowledge of what you have in your ecosystem and then the ability to put the right strong level of checking that the person is who they say they are on each of those accounts, that's what identity management is. And that's why demand for our products is high.

SEANA SMITH: And Todd, speaking about demand for your product, also scaling the business, you recently closed one of your recent acquisitions. Talk to us just about how that then positions you for further long-term profitable growth and what that runway looks like for Okta.

TODD MCKINNON: We're very excited about the product roadmap and it's moving in the direction that I just spoke about. So moving from a platform that can comprehensively connect employees to all of their technology and customers to all of the technology, whether it's a new mobile app or a website a company is building, moving more toward a product suite and a platform that can have visibility into the entire internal set of services, and cloud servers, and on-premise servers, and manage all of the accounts in those servers, and give the companies a comprehensive view of all potential identity-based threats across the environment, that's what we're looking to do. And that's what customers are responding with healthy demand in the environment.

BRAD SMITH: Hey, Todd, while we have you, we were able to speak with one of your industry colleagues more broadly, a CEO over at CrowdStrike George Kurtz. And we had to ask about this election season. And I wonder from your purview the role that cybersecurity plays in global elections where you've got almost half of the world's population that it's expected to go to the polls and to the ballots.

TODD MCKINNON: It's not just elections. I mean, it's not just any time of year. It's a constant thing now with so many more processes and workflows moving online.

And we talk about not only the actual voting part of elections, which is not online yet in most cases. But a lot of the media and a lot of the influence as voters go to the polls where they get their information, as an industry, we're really focused on making sure we know what authentic information is online. And a lot of that comes down to identity.

How do you know-- is it a bot on X that's posting or is it a real person? How do you know where the actual content is coming from that is kind of supporting different candidates and supporting different causes? That's an identity problem. And both Okta and the industry can help make sure that those things are genuine and that voters know what they're really-- when they're learning about things, they know it's accurate, and complete, and they can make the right decisions at the polls.

SEANA SMITH: All right, Todd McKinnon, great to have you here, Okta's co-founder and chief executive officer. Thanks so much, Todd,

TODD MCKINNON: Thank you.

Advertisement

Recommended Stories