
Q&A with Dashlane’s CTO: How Security Leaders Can Address Major Causes of Breaches

|Dashlane

Human error causes 55% of data breaches, and vulnerability exploitation causes another 21%. While security teams work diligently to mitigate these risks and protect their organization’s data, a new wave of risks may complicate their efforts as cybercriminals adapt, new technologies are introduced, and security budgets fail to grow accordingly. 

Frédéric Rivain, Dashlane’s Chief Technology Officer for nearly a decade, says time will only continue to bring new vulnerabilities and challenges for IT teams. 

“We’ve made a lot of progress in protecting systems and humans online in past years, but at the same time our usage and reliance on computer systems have increased, so the risks and needs have exploded in parallel,” says Rivain.

Read on to learn how he thinks security leaders can tackle their biggest security challenges more proactively and what gives him hope for the future.

Q: Being reactive rather than proactive about security has contributed to many breaches. What can help security leaders shift to being more proactive?

FR: Firstly, it’s about making sure you have the basics in place. More often than not, security is about common sense and following best practices, rather than having the latest technology. A few examples:

  • Do you have SSO and MFA enforced on all your critical systems? Are they paired with a credential manager deployed to the whole organization to complement and cover all other services your organization uses?
  • Are you training your employees regularly on security and risks, ensuring you level up their awareness on topics such as phishing, data privacy, data leakage, social engineering, and more?
  • Have you defined a threat model that identifies risks against your business? Are you reviewing, prioritizing, and addressing them consistently with your stakeholders?

Once you have those fundamentals in place, you’re already in a good position to start being proactive, and now raise the bar on your security practices. For instance, if you’ve been using push 2FA, consider switching to WebAuthn and on-device biometrics or even hardware security keys for your privileged population, such as IT admins and engineers.

Q: Lack of visibility into credential-based risks is a major challenge. What can security leaders do to address this?

FR: You can only improve what you measure. Or, said another way, as a security leader you need to monitor and understand your employees’ behaviors. Those behaviors aren’t just work-related because employees also use their work devices for personal use. Their credential hygiene is the sum of those behaviors.

Dashlane gives you the tools to proactively identify those behaviors with Credential Risk Detection, part of our web extension. It provides IT admins with real-time monitoring of at-risk employee credentials, as well as comprehensive reporting and activity logs. This matters because even if an employee is actively using their workplace’s credential manager, they might still have bad habits you’re not aware of. The feature even works for employees not using Dashlane.


Q: There’s a lot of talk about how AI is increasing cybersecurity risks. What do you suggest organizations do to defend themselves?

FR: In the short term, I see two main risks related to the malicious use of AI:

  1. More customized and sophisticated phishing attacks, powered by AI. The counterattack is to move to non-phishable credentials such as passkeys. Dashlane supports passkeys on all platforms and even offers a master passwordless solution for consumers to become more phishing-resistant.
  2. Intellectual property or data leak through AI tools. This risk is hard to mitigate because it’s very easy today to create a personal account on a platform such as ChatGPT and start feeding it private work data. Get ahead of it: Choose the AI platform that will be vetted by your organization and that employees will be trained and encouraged to use. This makes it convenient for employees to use approved AI tools rather than shadow IT AI platforms.

Q: How can organizations build a security culture in which employees feel like they play a key role in security?

FR: Everybody is accountable for the security of the company. Any employee can become a weak link and the source of a security incident. This needs to be a constant reminder from the CEO down to the whole organization and reinforced by regular training and exercises, such as phishing simulations. You can also illustrate the impact of security incidents by sharing lessons from breaches that happened to your competitors.

As a security leader, your role is also to set up the security guardrails and structural protections that minimize the risk for employees to make mistakes. For instance, if an employee doesn’t need to access specific confidential data about customers for their work, don’t give them access. This “least access privilege” principle ensures you limit risk and exposure, in case that employee gets hacked.

Q: There’s always a scary new headline about security risks or breaches. What gives you hope about the state of cybersecurity today and tomorrow?

FR: If you allow me the comparison, cybersecurity is like health. It’s just digital health, rather than physical health. In time, we’ve been able to invent vaccines and cures and make humankind healthier in general. It’s a long journey, with unfortunately steps backward and new diseases, but we have overall made progress.

Cybersecurity is the same. Systems and humans are generally more secure online today than they used to be, but risks and needs have increased as well. So we still have a lot of work in front of us to get our digital life in a healthier state.

Looking ahead, the journey to a more secure digital future will require resilience, adaptability, and collaboration. By investing in proactive measures today—whether through foundational security practices, credential management, or security education—we’ll all make the workplace and industry a safer place.

As security teams, employees, and leaders focus on vigilance and responsibility, we can constantly raise the bar and build a digital world where security and trust are the norm and risks are minimized. The road to a healthier, more secure digital ecosystem may be long, but every step forward brings us closer.

Secure your organization’s digital present and future with proactive credential security. Learn how to get started today.
