Take a moment and imagine… Imagine a company letting their employees make their own keys to access the company building, elevators, floors, doors, data rooms... Imagine employees using the same or similar keys that they themselves created for all of those places. Imagine them formulating and applying their own safety rules to the production line. What would you think about this company? Probably that it lacks security.
Now imagine the same company letting their employees create their own passwords to access the company’s digital infrastructure, networks, servers, applications... Imagine employees using the same or similar passwords that they themselves created for all those accesses. Imagine them making their own password rules to access and operate servers and critical infrastructure. Now what would you think about this company? But hang on a second … this is your company. You just never saw it this way.
What makes the security pitfalls so easy to spot in the first scenario yet so hard to spot in the second is a consequence of our brain’s evolution. To survive in the natural world, our ancestors developed the part of the brain that detects movement in physical space. Staying alive largely depended on how fast you could spot danger. That is why, in the first scenario, it takes no effort for our brain to see the risks of letting people make their own keys.
On the other hand, it takes a great deal of effort for our brain to see and navigate the digital space, to see the risks, problems and knock-on effects of data leaks, privacy breaches, using same-pattern passwords, lateral movement or supply-chain attacks… All those terms are abstract. And because we cannot visualise them (there is no lion about to jump on you), our brain does not perceive their inherent “abstract risks”. And that explains why people take so many risks in their digital life that they would never take in their “real” physical life.
For example, when people use a password manager with centralised access or single sign-on, they put all their passwords behind a master key or identity. That key now opens everything. In your physical world, would you have just one key to open your car, your house, your office, your bank account, your email, your crypto-wallet, your children’s savings? Probably not, because the risk is too high. The day you lose that key, you know you lose everything at once. Yet many people are taking that risk in their digital life.
To make cybersecurity more tangible, it helps to imagine your digital infrastructure, assets and access as things you know from the physical world. For example, picture your digital infrastructure as a house, IoT devices as windows, servers as rooms, passwords as locks and keys …
Now that you can picture this house, would you still let your employees make their own keys to get into each room?
For years, the responsibility of "key-making" has been dropped onto employees - in this case their brain. But since people always use the same password patterns for banking, shopping, social media, master key... in order to remember them, most passwords are easy to crack using credential stuffing, brute force, social engineering, dictionary attacks... Over 80% of data breaches start with a legitimate password.
In order to regain control of their cybersecurity, companies need to take back control of “key-making”. Instead of letting employees create and store their own keys, companies need to create and distribute keys to their employees!
But our brain can’t remember passwords, let alone dozens of passwords like s7D£bShX*#Wbqj-2-CiQS, one for each system. So, instead of adapting our brain to technology, we adapted our technology to the brain.
“Never remember something that you can look up” – Albert Einstein
Started in 2016, MyCena has pioneered a breakthrough credentials distribution system that represents a paradigm shift for cybersecurity. The result of years of research and development, tested, adopted and enhanced by clients in the most security-stringent sectors, MyCena security solutions have been crafted in the relentless pursuit of the shortest path for the brain.
In the physical world, companies give their employees badges and keys that enable them to access different company physical property. In the digital world, companies use MyCena to give their employees different credentials to access different company digital property. Employees just need to use the right key to access the right system. It is that simple.
To remove the problem of single point of failure, centralised and privileged access, compromised biometrics and identity, recycled passwords and lateral movement, MyCena took inspiration from the Ancient Greek city of Mycenae to pioneer a multi-level local credentials fortress. Passwords are received encrypted inside each fortress under three levels of security (Bronze, Silver and Gold) that only the owner-user can access with a combination of fingerprint, face ID, PIN, lock pattern and passphrase.
With MyCena fortress, users can have 1000 passwords, yet 0 passwords that they have had to create themselves, remember, type or see. That means no more using your memory for cybersecurity, no more password effort… and no more password mistakes.
This simple yet revolutionary shift offers tremendous benefits for both people and companies. For people, it relieves them of their makeshift role of key-maker and drafter of different security rules for different systems. Now people can actually concentrate on their job! For companies, instead of training everyone to be cyber-hygiene experts, it is a lot safer, more cost-effective and time-saving to implement cybersecurity for their employees.
Using the MyCena management console, rolling out the solution to thousands of people is fast and easy. All systems and passwords for your ‘digital house’ are preloaded from an Excel template onto the console. Users are registered either through Active Directory or through an Excel template. Set and use attributes to decide who receives which passwords. Set and use roles and permissions to control who can do what within the console or the application. Use GRC syslog to audit usage and compliance. And do it all without changing any infrastructure and without seeing any passwords.
In a physical context, it would be the equivalent of managers putting new strong unique independent locks to all doors and windows in the house and giving the right keys in real time to the right person. All without changing the structure of the house or seeing any key.
The MyCena credentials distribution system is powerful and flexible. You can use the maximum password length for each system, no matter how long it is. For example, if your system allows 45-character passwords, leverage it. When employees change country, office, department or project, you can update their credentials to their new role in real time. If an employee needs temporary access, you can make passwords expire after a certain time. If colleagues need to share passwords, provided they have the permission, they can share their passwords encrypted from fortress to fortress. You can fine-tune permissions (access console, share passwords, see passwords, create passwords...) for different roles.
On the user side, MyCena comes in two versions. Both provide the highest security for your credentials.
The desktop version MyCena Desk Center works for containerized environments, employees who handle sensitive information (PII, financial information, IP...), employees who access many systems for many clients, employees working from home… Passwords cannot be shared outside of that company.
The mobile version MyCena Business Fortress works online or offline. If allowed by their manager, users can share passwords with people even outside their company environment, who use MyCena Business Fortress or MyCena Personal Fortress, the consumer version.
This is the number one problem in cybersecurity. Over 80% of breaches start with a weak or recycled password. MyCena counters all known credentials attacks (credential stuffing, password spraying, brute force, social engineering, dictionary attacks, vishing, phishing...). Passwords are protected against key-loggers, screen loggers and automated bots. Companies get maximum coverage as all "digital house" endpoints are protected, from the core (servers, databases, admin access, legacy systems) to the edge (OT, IT, IoT, applications). There is no password to create, type, see or remember: no more weak, same-pattern or recycled passwords.
The MyCena decentralised access model allows for system distancing. In the same way that social distancing helps to isolate people who caught COVID-19, system distancing helps to isolate breaches, reduces their impact and mitigates lateral movement, ransomware and supply-chain attacks.
MyCena simplifies cybersecurity by removing all the burden associated with passwords. There is no more 'forgot password', no more IT 'password reset' queues, no more password typing errors.
Cyber-attacks have not only proliferated in recent years, they are increasingly threatening our physical life. Much worse than having photos and videos leaked online, people can now be poisoned by their water, killed by their pacemaker or attacked by their home electric appliances. Our planes can get diverted, our hospitals paralysed and our electricity shut down. The list of critical infrastructure at risk of a major breach goes on and on, as every single aspect of our life is now connected to the internet.
As the new Biden administration stated after the SolarWinds hack, we can build back better. But to make sure the new building won't collapse like the old one, governments and companies need to change their old building security plan. After the hack, some companies said that the day after their system was rebuilt and put back online, hackers were back too, as if they already had the keys to the new building. Now you know why: humans will always recycle their password patterns in order to remember them. This is how our brain software works.
So rather than blaming cybercriminals for escalating attacks and increasing their sophistication, companies could simply lock their doors. It may take hours or days depending on the size of the house, but once that is fixed, they are protected against most credentials attacks. For companies that have been hacked before, changing their locks is especially urgent as hackers can be back any day with the old pattern keys.
Luckily for the future of our society, the security of our digital world is not doomed. By simply locking their doors, people and companies can be a lot safer, just as they would be in the real world. For people, it is easy, as they can start using MyCena Personal Fortress today. For companies, it is a simple choice: keep deferring cybersecurity to their employees or take back control of their keys.
If you want to get started, ask your security team, IT team, CISO, CIO, IT provider, MSP, MSSP, IT reseller, IT consultants... to contact us for a quote.