“Your password will expire in 7 days. Please change your password.” “Your password must contain numbers, letters, and special characters.” “Please read these tips and tricks for selecting a stronger password.” We’ve all seen these messages, and many CISO organizations have been sending them to workers for many years. Enough is enough!
Passwords have been the lynchpin of authentication and access security for over 60 years. Given how rapidly technology and digital capabilities have evolved and transformed, doing anything the same way as three (3) years ago is likely outdated, let alone 60! Passwords are point-in-time. They can be taken, tools are widely available to crack them easily, and once credentials are compromised, most security monitoring controls will leave you alone. Hey – why not… the correct password was provided, after all.
Multiply this dynamic across dozens of sites and services. Whether we are CISOs, CEOs, or analysts, we are all users too. We recognize the fundamental flaws. Yet we’ve allowed this to persist for years. Authentication must evolve and transform, just as digital solutions have. And for a security executive in life sciences, people’s health and well-being are at stake. Let’s wake up, leverage the tremendous analytics capabilities that exist today, and do this properly.
It’s time for enterprises to invest in evolving their consumer and employee authentication capabilities. This paper describes the destination, or goal, for enterprises to aim for, enabling them to build a phased, multi-year implementation plan.
About Mike Towers
Mike has been Chief Information Security Officer at Takeda Pharmaceuticals International since August 2018, where he partners with business leadership to prioritize the protection of critical information and technology assets, continually balancing control and tolerance within the digital experience.
Mike and his team design and execute measures to identify and safeguard the information and data supporting Takeda’s patients, people, biopharmaceutical research, development, global supply chain and commercial businesses across 110 countries, and ensure digital and technology systems are managed in accordance with compliance, quality, legal and regulatory requirements.
Mike has led due diligence and integration efforts for more than 50 acquisition and divestiture transactions throughout his career, including four major acquisitions and one significant divestiture each valued at more than $40 billion.
Mike was recognized within HMG Strategy’s 2020 Global Technology Executives That Matter and 2019’s 100 Technology Executives to Watch and was awarded Information Security Executive of the Year within the Northeast region and Healthcare industry in 2020 and 2015. He is a regular speaker, author, and expert panelist on digital trust, information risk and cybersecurity. Mike passionately advocates cross-industry sharing and collaboration and serves on the Board of Directors for the Health Information Security & Analysis Center (H-ISAC), where he also chairs the Products & Services Committee. Mike is a venture capital Board Advisor for Cyberstarts, and sits on the executive advisory boards for Okta, Armis and Palo Alto.
About Jim Routh
Jim Routh is the former CISO of MassMutual, CVS, Aetna, DTCC & American Express and a cyber industry luminary. At Aetna, he developed one of the most mature converged security programs in the private sector. He serves as a board member and advisory board member for several companies, including BigID, University of California Berkeley Center for Long Term Security, Clear Sky Advisory Board, Cyber Starts Advisory Board and the Global Cyber Alliance. He is the former Chair of the Health Information Sharing & Analysis Center (H-ISAC) and former board member of the FS-ISAC. He serves on the board of Armis Security and Acceptto, and he is on the advisory board of Zero North and Agari. Mr. Routh has been recognized with many industry awards for Cyber Security Leadership, and he regularly publishes articles on innovative practices and capabilities to improve enterprise resilience across industries.