We are in Tokyo Cyber Security Meetup!

TOKYO CYBER SECURITY MEETUP (photo credit @Tokyo Cyber Security Meetup)

Challenges in DX and Cyber Security in Japan - Consento joined the panel discussion at TCSM

We are delighted to announce that we joined Tokyo Cyber Security Meetup (TCSM) as a co-host for their monthly meetup, where we will be having interesting guests from the Japanese business scene share their expertise in security. TCSM is one of the biggest cyber security meetups in Japan, led by Gino Bautista and Thomas Glucksmann, and their tremendous commitment to giving something back to the local community moved us as well, as an international startup bridging Japan and Europe.

In our first Japanese meetup, we welcomed Mr. Shunji Koyanagi from SANS Institute and Mr. Keiichiro Nozaki from F5 Network. They graciously shared their points of view on the current digital transformation demographic, and the challenges that Japanese corporates are facing today.

Here are a few key takeaways from the discussion:

  • As a shared general view, Japan's DX development is lagging behind other countries. However, the level of Agile development is perceived as higher than the average.
  • Many companies in Japan don't have CISO roles, and security is something that executives "hope" someone in the company gets done.
  • That's why the assessment criteria are vague, and the people in charge of cyber security don't get promoted if they are actually "successful" in their job (I think we also talked about this before as one of the pains of CISOs)
  • So the SANS Institute offers training for companies to raise awareness and restructure the criteria for cyber security.
  • Many security experts are struggling to find a solution that is hard for hackers but easy for users.

To sum up the whole discussion, we can break it down into 2 topics.

a statistic of digital transformation situation in Japan (photo credit @Keiichiro Nozaki)
Agile development in Japan is higher than the world average. - by Keiichiro Nozaki (F5 Network)
  • Cybersecurity talent problem: Companies with a CISO role generally have objective metrics to assess their achievement. However, this is often lacking in corporations that don't value cyber security as a professional expertise. For this reason, people are not attracted to positions in cyber security. On the other hand, there is a big market for training programs.
  • Security vs Usability: Robust security and easy usability are 2 sides of the same coin. Security is all about daily habit, and it will not make sense if users don't use the tools because of their complicated UI/UX.

How Consento works on Security vs Usability issue: The real Key is "Trust", not the Long Passwords

In the cyber security world, we often hear that "the human factor is the weakest link in the chain", meaning that human error is the most likely danger to break the system. No matter how beautiful a security tool you have, people need to have the ability to handle it right. As was discussed at the event, that is why security training is so crucial today.

As a software company, we wanted to build a tool that has human warmth, and we prefer to state that "human factors are the strongest link in the chain", one that can enhance security.

Consento uses its unique authentication method called "Human Factor Authentication", which requires trust from your trusted peers like friends, family, colleagues, etc. On your mobile phone, you can add your "trustees" via QR code, and they act as your decentralized partial keys.

This Human Factor Authentication intends to foster the learning of trust rather than learning to manage long passwords. In the Consento app, users are nudged to maintain their relations and a high level of security in their circle of devices by sending and receiving push notifications triggered by the users in the trusted circle. This sense of collaborative security gives peace of mind with human warmth. We don't have to do everything alone.

Humans are creatures that forget things, and learning a long sequence of passwords for each different platform is unrealistic, especially in the era of cross-using multiple platforms. Our amazing UI/UX designer Marc posted a very important quote on trust.

We like the definition of trust as "a psychological state comprising the intention to accept vulnerability based on positive expectations of the intentions or behaviour of another"(Rousseau et al., 1998). Trust depends both on the individual abilities to trust and on the trustworthiness another is able to display.

Said otherwise, trust is neither a cognitive process nor an innate human feature, it is both (Mújdricza, 2019). Studies have shown that trust is an a priori given human faculty, and therefore the possibility of trust is always present. But visual cues, human contexts and past experiences affect positively or negatively the level of trust. Trust happens to be 'learned' more than 'earned', and it requires a certain affective warmth for a start. (In consent we trust - Consento)

Trust is something to be learned, and what we want to create is not software that just makes life easy. We want to create software that makes people as people, and this leads to our motto "Data privacy for humans by human." What we should learn as humans is trust, not long passwords.

Interested to know more about our human-centric solution? Let's get in touch.

Shifting to remote working propelled the digital transformation. At what security costs?

a neon sign stating 'this is the sign you have been looking for' (photo credit @austin.chan)

Great! Thanks to the rapid move to #WorkFromHome, your organisation embraced #DX. But wait. At what security costs?

As we recently shared, the recent move to work remotely came with a drastic increase in organisations' security threats. And our interviews with CISOs gave us a better idea of how it feels to be on the front line.

Expectations of velocity versus tested security.

The rapid transition to work from home (#WFH) has accelerated the ongoing digital transformation (DX) of organisations of all sizes. The apparent results may give the impression that radical changes toward digital practices can be made in a very short time. CEOs now expect the same velocity as the "new normal" for digital transformation settles. However, a transformation that is healthy and secure in the long term requires time and patience to assess security, user behaviors and changes in security measures over the long run.

Of course the CISO’s role is not only to tell the bad news.

CISOs acknowledge that their role inside organisations is often associated with telling about cyber threats, data breaches, missing security hygiene, and so on. This ‘bad cop’ figure makes it harder for CISOs to fulfill an important part of their job. Indeed, the role of CISOs lies beyond requirement design for security technologies and protocols; it encompasses acting as a leader to onboard the workforce onto a collective digital security journey.

Digital tools (and practices) integration is pivotal, yet never achieved.

It has become extremely demanding to find ways to integrate digital tools and practices across the organisation, at the office, in the field or at home, and beyond with the network of suppliers or partners. This is a never-ending task, dealing with the inherent multiplicity of each user's situation while reducing the risks of mis-integration of the system.

All in all, the digital transformation is a long, ongoing organisational project, transforming human factor threats into human factor liabilities.

It requires leadership and coherence all the way, to integrate technological solutions along with human (individual and collective) behaviours. The scope of the CISO role is set to expand.

One of the most pressing issues CISOs face is still the use case of email hacking. The distributed system requires [ message encryption ] + [ file exchange security ], regardless of the network used by users.

Consento provides 'human-centric MFA' + proper data encryption (ZeroTrust) + Security-as-a-network (collective security hygiene).

A multi-factor authentication for humans - The Consento system is built passwordless and peer-to-peer, to make everyone aware of their role in collaboratively controlling data integrity and confidential accesses.

Set up your custom multi-factor authentication hub - Consento is built on distributed technologies and does not rely on a central cloud service. Consento enables you to craft a service completely private to your organisation. The Consento team provides services to set it up and train your teams on-demand.

How it would work in your organisation

Distribute keys (digitally) easily across your organisation, in person or over a video chat.

  • be sure of who receives the key
  • integrate easily across the organisation
  • own the system (no reliance on third parties)

Make security your way by encrypting data and editing security conditions for consent.

  • create custom MFA
  • rely on password-less, SIM-less technologies
  • include biometric, location or other contextual identifiers

Your collaborators encrypt data locally, share the encrypted archive, and always keep the key.

  • create strong encryption easily
  • distribute the encrypted archive (regardless of the network) & always keep control of who can access
  • add/revoke who can request access to archive

Your collaborators maintain high security together.

  • get guidance on how to keep security high
  • reward collaborators (and suppliers) for their security hygiene
  • nudge (or get nudged by) others in your network to nurture collective security hygiene
  • keep security policies up-to-date, with notifications of any event in the network affecting the collective security.

Consento provides a human-centric MFA solution to ensure the proper encryption of confidential email and file exchanges.

The Consento app is designed to:

  • onboard all types of users as soon as they have at least one device;
  • enable them to handle MFA, SIM-free, multi-device, biometric approval;
  • onboard users across organisation(s);
  • and nudge them to maintain a long-lasting digital security hygiene as a collective.

To wrap up, with Consento now you can:

  • delineate clear liabilities of all participants: Consento splits the encryption keys into unique partial keys.
  • rely on mobile devices, SIM-free: distributed on the selected devices of the setup.
  • customise your MFA with biometric authentication, geolocation or other custom parameters: Consento recomposes the secret through a Human-Factor Authentication.
  • benefit from a cost-effective integration: Consento is made simple to integrate with your technical infrastructure and workforce practices.

Interested to know more about what our solution can do for your organisation? Let's get in touch.

CISOs Interview: 3 Common Problems in Cyber Security Today

a man and a woman engaged in an interview (photo credit @charlesdeluvio)

When it comes to cyber security, employees tend to think that “tech people” who know everything will take care of it with a magic wand, and it will be all well. But, is it really true?

In an organisation, the CISO (Chief Information Security Officer) is usually the role responsible for ensuring adequate security measures so that the company can protect its data assets.

Through a dozen interviews with CISOs, we found out there are 3 common problems and challenges they think of in today’s cyber security and in their role.

1. The CISO’s role is not only to tell the bad news

CISOs acknowledge that their role inside the organisation is often associated with telling about cyber threats, data breaches, missing security hygiene and so on. This ‘bad cop’ figure makes it difficult for CISOs to fulfill an important part of their job, which lies beyond requirement design for security technologies and protocols. Indeed, the value CISOs bring lies in acting as a leader to onboard the workforce onto a collective digital security journey.

A hidden fact about the CISO’s role is that they need to exercise emotional intelligence to educate employees about the value of data, and the way to protect their assets = the organisation’s assets.

2. Expectations of velocity vs tested security

The rapid transition to work from home (WFH) has accelerated the ongoing digital transformation of organisations. One of the CISOs we interviewed says "Making sure that we are doing the right things from a digital transformation standpoint is pretty big. A lot of businesses have done months or years worth of transformation in weeks. The biggest thing impacting right now is keeping up with digital transformation."

The apparent results may give the impression that radical changes toward digital practices can be taken collectively and in a short time. The new normal is that CEOs now expect the same velocity for digital transformation projects. However, CISOs know that healthy and secure transformation in the long term requires time to assess security and changes in security measures in the long run.

3. Digital tools (and practices) integration is pivotal, yet never achieved.

It has become extremely demanding to find ways to integrate digital tools and practices across the organisation, at the office, in the field or at home, and beyond with the network of suppliers or partners. This is a never-ending task, dealing with the inherent multiplicity of situations while reducing the risks of mis-integration.

One of the factors which makes tool integration difficult is communication across organizations. Every company has different security measures and uses different tools. Upon sharing the data, we must ensure that the other party uses the tool that is compatible for both parties. The problem all comes down to how to share data securely across organizations.

Flavio Aggio, CISO at WHO, says, “The area of concern for me is how to make it easy for everyone to have dual factor, but harder for the attacker to exploit which are 2 different polarizing situations.”

An organization like the World Health Organization has to deploy people globally in places where the supply chain is difficult. He says, “sending physical MFA tokens to the right people is a major challenge where wars are going on, and really doesn’t work, so we shifted to virtual tokens in smartphones. The cost of smartphone production has been reduced, and everybody by default may have a smartphone but not a computer.”

How to turn your smartphone into a secure key

Given those 3 problems, here is the solution we have developed.

1. Intuitive, collaborative and Human-centric solution

As the CISO is the role responsible for assessing the right security measures and also for getting employees on board with security practice, a collaborative security practice makes it easier for people to be a part of the game.

an illustration of Consento workflow involving humans and distributed ledgers.
Consento ledger distributes responsibility between humans.

With Consento, the app splits the key into partial keys held by your trusted people, whom you can add as “trustees”. Upon opening a data vault, the app sends a notification to your trustees. If 3 out of your 5 trustees agree, you can access the data with your master key.
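A 3-of-5 threshold like the one described above can be built with Shamir secret sharing. The sketch below is an added example, not Consento's code: the page does not say which splitting scheme the app uses, and the function names, the prime field and the trustee names are assumptions made for illustration.

```python
import secrets

# Field modulus (assumption): the Mersenne prime 2**521 - 1, large enough for a 256-bit key.
PRIME = 2**521 - 1


def split_key(secret, threshold, trustees):
    """Give each trustee one point on a random polynomial whose constant term is the secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret does not fit in the field")
    if not 2 <= threshold <= len(trustees):
        raise ValueError("threshold must be between 2 and the number of trustees")
    # Degree threshold-1 polynomial: threshold points determine it, fewer reveal nothing.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc

    return {name: (x, evaluate(x)) for x, name in enumerate(trustees, start=1)}


def recover_key(points):
    """Lagrange interpolation at x = 0 over the prime field."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def open_vault(shares, approvals, threshold):
    """Release the key only if enough known trustees approved the request."""
    approved = [shares[name] for name in sorted(approvals) if name in shares]
    if len(approved) < threshold:
        return None  # not enough consent: the key cannot be rebuilt
    return recover_key(approved[:threshold])


if __name__ == "__main__":
    trustees = ["alice", "bob", "carol", "dave", "erin"]  # constructed names
    key = secrets.randbits(256)                            # constructed vault key
    shares = split_key(key, 3, trustees)
    print(open_vault(shares, {"alice", "dave", "erin"}, 3) == key)  # True
    print(open_vault(shares, {"alice", "bob"}, 3))                  # None
```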

2. We say 3 No! No Password, No Server, No single point of failure

Consento is backed by decentralized ledger technology which is called “Hyper Core”, and this enables strong encryption on devices instantly. Our P2P protocol doesn’t require servers, and there’s no single point of failure. It’s an Open Source Project that ensures full transparency. We don’t hide anything, but are very good at hiding your valuable data.

3. Easy implementation, but hard for hackers to attack

As we know tool integration is one of the challenges CISOs often mention, we make it simple. All you need is just a smartphone, and you can add trustees with a quick QR code scan. The implementation is super easy. In addition to that, the more trustees you add, the more secure it becomes as well. We make humans a factor that enhances security through our collaborative access control.

What's next

If you are a CISO, do you resonate with any of these 3 problems? If you are not a security expert, what would you expect security experts to do for you?

Please let us know! And if you want a demo of Consento technologies, get in touch with us.

How to handle patients' medical data in a more secure manner by distributing responsibilities.

OK sign shot in a X-ray machine. (photo credit @owenbeard)

Personal medical information is the cornerstone of relevant eHealth, and yet remains unmanaged. Who gets to host - and provide remote access to - patients' medical data? Each and every medical expert and organisation holds dear the patient data they host. And they have to. But each part of the patient data portfolio remains to be enriched with the rest of the information. With services increasingly requiring access to patients' medical data, the responsibility over medical data custody is scattered.

How Consento can bring data security in your remote workplace management

Remote workers bear a great stress in collectively handling the privacy of company data. For many of us, remote working is here to stay.

Beyond the inconvenience of mixing up personal and professional spheres 24/7, remote working brings along another source of stress for remote workers, and for those in charge of maintaining the company's data privacy. Now that devices are connected and used outside the company network, the risk of mishandling passwords or using insecure networks has become higher than ever.

How to manage contractors' responsibility in confidential file sharing with Consento

Being the custodian for contractors' CVs or identities adds to the burden of coordinating agencies. Having to hold custody of others' digital identities is time-consuming, if not costly in human error.

Most companies rely on a network of external contractors and suppliers for translation work, transcription, accounting, legal work, etc. Building a trustworthy partnership often starts with verified credentials, or asking for referrals, in order to discard fraudulent candidates. Eventually, these verified CVs and confidential data about contractors become too valuable to be loosely shared over emails or cloud services. The agency's reputation depends on it.

How Consento can save your life of a crypto-millionaire

You are a crypto-millionaire! If only you hadn't lost your crypto wallet key...

Have you heard how many bitcoin users would have become millionaires, if only they hadn't lost their password? Bitcoin and distributed ledger technologies opened amazing opportunities to secure transactions online, although their technicality gives most end-users a bit of a chill. Moreover, they transform the end-user into the "single point of failure".