Al Lakhani, IDEE: “seven out of ten ransomware attacks can be stopped”

Cyberthreats have always been lurking around virtually every corner, waiting to attack either an individual or a whole organization. And with employees working from home and depending on barely protected or unprotected technology, attacks have become easier.

‍Many companies don’t care about cybersecurity until they’re under attack. Such companies in the digitized world are prone to experience data breaches, ransomware attacks, identity theft, or other types of threats. It can result in major financial losses, sensitive data breach, or damaged reputation.

Although users can make use of high-quality password managers to ensure stronger passwords without the need to remember each of them, multi-factor authentication and passwordless solutions are becoming increasingly popular and safer.

To discuss such solutions and the cybersecurity environment, we invited Al Lakhani, the Founder and CEO of IDEE – a company that is committed to creating the most secure Authentication, Authorization, and Verification solutions.

How did IDEE come about? What would you consider your biggest milestones throughout the years?

‍After 18 years in cyber forensics, I felt that there was a need that was not being fulfilled. It was the need to provide a modern authentication solution that did three specific things:

       - Security that prevents all phishing and password-based attacks as well as stops insider threats
       - UX that is intuitive for the user
       - Integration & Deployment that takes minutes rather than weeks or months and does not require an army of technicians

As for milestones, two come to mind:

1. Three years ago we got our first German banking customer, Deka Bank. As most people know, German banks are very conservative. For Deka Bank to use our solution and provide access to their partner banks that manage billions of Euros was a great accomplishment for our small startup.

2. Two years ago we worked with the NCSC, the cyber arm of the UK GCHQ, to create a threat model that shows the weakness in authentication methods used currently. AuthN by IDEE scored the highest and allowed us to empirically prove that it is 3x more secure than other push/QR based authentication solutions, and 5x more secure than passwords.

‍Can you introduce us to what you do? What are the main issues your products help solve?

‍AuthN by IDEE is our multi-factor authentication product that prevents all credential phishing and password-based attacks. This means 80% plus of all breaches in the last 3 years would have been prevented by our solution – it is a SaaS solution.

- For the CIO this means significant reduction in costs related to managing credentials.
- For the CISO this means that she can deploy MFA to all users without the need to have a second device (like a smartphone or USB key). Same-Device MFA leverages the security chip available within each handheld, PC or Mac to deliver MFA.
- For the CEO and Board this means that all the employees, suppliers, and customers are protected against cyberattacks which are among the top 3 risks for them.

In your opinion, what industries should be especially concerned with implementing Multi-Factor Authentication?

‍We believe that every company that has a cloud infrastructure should protect it with MFA. AuthN by IDEE, our MFA solution, can be integrated and deployed with the three big cloud providers (AWS, Azure, Google) in less than 15 minutes.

Critical Infrastructure (CI) businesses should deploy MFA. This includes the transportation, telecom, energy, banking & finance, and government as the major industries. For CI businesses, we have created two special versions of our SaaS solution called Prevent and Persist. These versions are architected such that CI companies are protected even when IDEE is compromised and they are protected from malicious and negligent insider threats.

Additionally, what are some of the worst things that can happen if this safety measure is faulty or not in place at all?

‍One of the biggest risks today is ransomware. With MFA that prevents phishing and all password-based attacks, 7 out of these 10 critical ransomware attacks can be stopped.

Protecting the privacy of employees, suppliers, and customers is paramount for businesses for reputational and regulatory reasons. Not leveraging MFA for employees means that when a breach happens large volumes of sensitive personal data about customers, suppliers, and employees can be exposed. It can result in heavy fines and reputational damage.

Customers hate passwords. They hate creating them and remembering them. 92% of customers abandon the login process when they have forgotten a password. With MFA, it is even more tedious. This is why, AuthN by IDEE has created the Same-Device MFA. This feature allows users to login with MFA by unlocking their device. No push, no QR code, no second device; just simple intuitive UX.

How did the pandemic affect your field of work? Were there any new challenges you had to adapt to?

‍The work from home trend made it very complicated for IT departments to protect against cyber threats. For businesses that wanted MFA this meant they had to provide employees with two devices, a laptop and a smartphone or a USB key. This was a big opportunity for IDEE. This is why we created the Same-Device MFA feature.

Since Multi-factor Authentication is becoming a common practice, what methods have emerged in an attempt to bypass this safety measure?

‍Most MFA solutions including Microsoft Authenticator do not prevent phishing attacks; they only protect against brute force attacks. If the user can be duped into opening a link, all the following methods of MFA fail to protect against a cyberattack because the user is on a fake website and the attacker is on the real website and thus can impersonate the user:

- Enter the username, password, and six-digit token
- Enter the username and approve push
- Enter the username and scan the QR code

The only way to prevent all phishing and password-based attacks is to make sure that the user cannot enter credentials or approve access on a fake website. And that is what AuthN by IDEE is able to deliver.

What actions should average individuals take to protect their identity from being stolen?

‍Ask for a MFA solution that prevents all phishing and password-based attacks. This would mean that malware that captures keystrokes, phishing attacks, brute force password attacks, credential stuffing attacks, eavesdropping and many other attack tactics are completely stopped.

Recently, the discussion around biometric authentication has gained a lot of attention. Do you think it is going to surpass other authentication methods in the near future?

‍Biometric authentication is very powerful. However, as anyone that uses TouchID or FaceID knows, sometimes you need to fallback to PIN or password, which is a knowledge factor. So with biometrics a fallback of knowledge will be needed in the foreseeable future. However, as long as the fallback knowledge factor is local to the device, in the same way it is with TouchID and FaceID, all external attacks can be prevented. The main attack tactic to worry about is the person next to you who eavesdrops on you typing or knows your PIN or the password.

Would you like to share what’s next for IDEE?

‍We are excited to expand across Europe. Recently, we signed a multi-year agreement with Tech Data, a part of TD Synnex, which is the largest software distributor in the world. Once we are onboarded within Tech Data across Europe our next step is North America.