Data is the new big thing; procuring and generating the data may be a difficult endeavor, yet securing access to it could even more difficult, each person who needs access creating a larger window for error and a larger surface of attacks. This allows breaches to happen, which puts firms in a difficult financial situation and forces them to choose an outsourced solution. Among them is MyCena, a security solutions company that was started by Julia O’Toole and Brendan O’Toole. It was established in 2016 with the intention of eliminating the significant problem of people knowing passwords, with its Segmented Encrypted Access Management Solutions (SEAM).
On top of improving cyber-resilience and risk mitigation, MyCena eliminates the need for password resets since users don’t remember their passwords in the first place. It also omits the need for password training and password phishing exercises since users don’t create their passwords, and therefore there is no more risk of human error.
MyCena began with the notion of resolving an already existing issue. Julia faced password problems for decades and could not find a solution that was up to the mark. She also experienced that all the products on the market were massively unsafe, from password books to password managers. With years of research in mathematics, neuroscience, and technology, she finally found the solution by traveling back in time. While walking among the ruins of the 3,000-year-old ancient Greek city of Mycenae, Julia observed how the ancient Mycenaeans had used the city’s architecture to protect themselves. “Having built three concentric walls around the city, you had to pass a first gate, called the Lions’ Gate, to enter the city, then a second gate to access the garrison, then a third gate to access the king’s palace,” she explains. There, standing among the ruins of ancient MyCenae, she had an epiphany: ‘A password is just a key. No one cuts their keys each time they enter their home. They simply use the right key to open the right door. In the same way, no one needs to remember any password to open a digital door.’ This visit also inspired the name of the company.
The company has the only patented solution that can stop breaches before they happen, stopping lateral movement and privilege escalation if caught in a supply-chain attack. This provides a level of cyber-resilience and risk mitigation (in addition to direct cost savings) that no IAM, PAM, or SSO solutions can match, as they all rely on users creating their own credentials or using their identity and concentrating data behind single points of failure. “Putting all your eggs in one basket is also the antithesis of proper risk management,” says Julia. As both human-known credentials and identities are easily stolen and can be used to infiltrate whole networks, they facilitate lateral movement, privilege escalation, and supply chain attacks. It improves productivity as people no longer need to attend password training routines, create and remember passwords, and wait for passwords to be reset.
Not knowing the password
Julia mentions that 95% of breaches occur because employees know their passwords. For example, criminals are only required to log in using a stolen credential like Solarwinds123 or identity AI deep fakes to render all previous cybersecurity investments. Employees knowing passwords is a 10-out-of-10 on the CVSS scoring system, the Common Vulnerability Scoring System, where a score of 10 represents the most severe vulnerability. This is remediated by using MyCena’s SEAM solutions and making sure people don’t know passwords anymore.
MyCena has the only patented solution that can stop breaches before they happen. All other IAM, PAM, and SSO solutions rely on users creating their credentials or using their identities; both are easily stolen. With MyCena, users never know the credentials, so they cannot be leaked. From a console, the company manages and distributes highly secure encrypted passwords for each system to employees, which they use as keys. “Integration with web applications, local applications, RDP, SSH, and WDE is already embedded into the MyCena process,” Julia adds. “There is no infrastructure change.“
Morality and ethics
The security team at MyCena regularly performs manual penetration testing to detect any possible vulnerability in its different environments. It also uses Black-Box external tools to scan its environments and generate reports. In addition to that, its clients’ security teams also regularly pen-test the given solutions. The production databases’ access is limited to administrators of MyCena, and that’s only for troubleshooting any problem from any client if there is something that went wrong. “No one from the dev team has any access to the production database or servers except administrators,” Julia adds. Also, production and database access are limited and only accessible from authorized IP addresses and using SSH private keys that are not shared with anyone. Moreover, MyCena has all the necessary licenses and permits to operate in the countries in which the company is selling and complies with all laws and regulations within those countries. Furthermore, MyCena represents and sets a standard well above those required by existing regulations and standards in terms of access control. Indeed, Julia expects that the underlying principles and technology behind MyCena will become the new industry standard in the near to medium term.
Morality and ethics are of paramount importance at MyCena and lie at the top of the core values framework. It advances and protects the interests of humanity, of societies, and of people worldwide. It does this by firmly securing its clients’ digital properties and safeguarding them from data breaches. According to Statista, cybercrime costs the world US$8 trillion a year. If it were a country, it would have the 3rd largest economy in the world. MyCena is the only solution that can stop cybercrime, and ending the global cyber pandemic is the company’s daily crusade. “Dilemmas or conflicts are always resolved in reference to these principles and goals,” states Julia.
Cybersecurity has evolved so much that it has become unpredictable. The key risk factors that a company faces are systemic attacks that can take down large parts of critical global infrastructure. Julia highlights that these risks are likely to happen if people continue to use single-access passwords created by users. To resolve this, she and her team will be pushing regulators to consider creating a new standard for access management where users no longer know their passwords. “This will stop 95% of breaches and dramatically reduce the volume of cybercrime,” says Julia.
Being market experts, the organization keeps a close eye on the industry and is well aware of emerging challenges within different industries. By using its technology, MyCena attempts to solve customers’ emerging problems and simultaneously support them. Julia states that the cybersecurity landscape will change from the current post-breach emphasis on detection, remediation, and patching, a posture that dominates today, to a pre-breach emphasis of ‘let’s not get breached in the first place’. Today, companies are focused on post-breach remediation, on what happens after credentials or identities are stolen. The vast majority of cybersecurity spending today goes towards detection, remediation, and patching. The mindset is that there can be no cure for human error. It’s not a question of if you’ll be breached, but when you’ll be breached. This all changes with Segmented Encrypted Access Management solutions, which focus on ensuring passwords or identities don’t get leaked in the first place. This can be done by making sure users don’t know their passwords and don’t use their identities for access, removing the human error factor entirely. This simple shift in emphasis stops credential and identity theft and, with segmentation, prevents lateral movement, privilege escalation, and supply-chain attacks. “No more breaches. This is the future of cybersecurity,” adds Julia.
The team at MyCena is constantly challenged by clients to solve new problems. This keeps them focused on doing fundamental research and constantly looking for new processes and innovations to solve big problems. The company is planning to implement artificial intelligence to enhance its solutions and processes to tighten its customers’ security and deliver an even greater user experience. The company’s future plans include growing into new markets and industries, forming more alliances, and coming up with novel solutions to OT security.