Thrive Global: Multi-factor Authentication Is the Way to Go

October 6, 2021

Original article posted by Tyler Gallagher, CEO and Founder of Regal Assets, via Thrive Global. As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Dr. Manfred Mueller, COO of Identiv, Inc. Dr. Manfred Mueller was named Chief Operating Officer of Identiv in September 2013. As a result of the diverse roles he has held at Identiv — including sales, marketing, product management, business development, and investor relations — he has a deep understanding of the company’s technology, markets, customers, stakeholders, and operations. Dr. Mueller joined Identiv in 2000. Before joining Identiv, Dr. Mueller was responsible for strategic investments, product development, and M&A activities for BetaResearch GmbH, the digital TV division of the German Kirch Group. Dr. Mueller holds M.S. and Ph.D degrees in Chemistry from Regensburg University in Germany and an M.B.A. from Heriot Watt University in Edinburgh, Scotland. Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up? I grew up in a pretty rural part of what’s called Lower Bavaria roughly 50 miles north of Munich. It actually is the biggest area in the world where hops are grown and you know, Bavaria is known for its beer and all you need is water, barley, and — for the right flavor — hops. I went to school and university in that area but always had ambitions to get out of town and hence I joined companies which had quite an international footprint, and here I am. Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it. My journey to get into cybersecurity is quite an interesting one. Technically I am a chemist and was supposed to do lab work and surely end up with one of the big chemical or pharmaceutical firms. That’s why I have all my early degrees in chemistry and pharmaceutical chemistry. I am sure I would have made my way in that vertical, but I didn’t want to get trapped as a lab rat but rather wanted to get into sales or marketing right away. I was looking for alternatives and back then in the late nineties digital TV was just rising up. I joined Germany’s biggest media group and worked for one of their tech companies as product manager. We were developing the digital TV technology and platform to allow PayTV services to be broadcasted. PayTV, as you might know, always has had a high level of attraction to people who actually did not want to pay for it. I was in charge of the encryption technology (called the Common Interface Module — in the U.S., it is better known as CableCard) and I also was in charge of the subscription cards, which happened to be smart cards. That’s how I got into that industry. I was hired by one of our suppliers (f.k.a. SCM Microsystems and now known as Identiv). The rest is history. Can you share the most interesting story that happened to you since you began this fascinating career? I think the most interesting story since starting my career is the fact that I ended up in cybersecurity in the first place. I could not have predicted that this is where my career would take me and yet, here we are. If you had asked me when I was younger what I thought I’d be doing now, this would not be it; however, it’s been a great fit for me and I believe things have a way of working out how they are meant to be. None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that? I owe a lot to Robert Schneider. Robert was the founder of the company and I was hired to become his right hand guy. I was at the very beginning of my career, only two years out of university, and still he had a lot of faith in me. He assigned tons of tasks to me in the first few years which made me run IR, PR, marketing, and eventually product management. Back in 2006, he pulled me aside and told me: “Manfred, if you ever want to become a C-Level manager, you have to do sales!” Having said that, they forced me into a job rotation program, had me run sales for Germany, Austria, and Switzerland (GAUS), then EMEA, and eventually global sales. I have been out of sales since then. But I wouldn’t be where I am today without this move. Are you working on any exciting new projects now? How do you think that will help people? Identiv is building an RFID community around our new NFC mobile app development ecosystem, uCreate NFC. Our software development kit (SDK) allows mobile app developers who are new to NFC technology to start NFC mobile app development for either Android and/or iOS devices. Our platform makes it easy for developers to test ideas with off-the-shelf tags and provides a simple solution for programming and encoding. The ecosystem offers developers all the necessary tools for NFC projects or applications and includes:

• Standard NFC tags
• Source code and documentation
• Mobile phone app (for iOS and/or Android)

What advice would you give to your colleagues to help them to thrive and not “burn out”? Find a way to establish a solid work/life balance — however that looks for you. And utilize whatever resources you have at your disposal to ensure your workload is manageable. Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain? Access, video, and audio are converging into consolidated platforms. Due to lower costs and paired with IP-based and wireless infrastructure, there are infinite solution configurations. IT security requirements are beginning to apply to physical security because of this integrated infrastructure. In addition, mobile-enabled systems are continuing to gain traction, but are still works in progress in regard to figuring out what belongs on a browser and what can be easily used on a mobile device. Lastly, the industry is starting to use a tremendous amount of data and events that are available to provide better situational awareness to customers. Today, we can do more for our customers than ever before — and at highly affordable prices. Thanks to the explosion of powerful standards-based technologies such as RFID, digital video, analytics, mobility, cloud, wireless (Wi-Fi, Bluetooth, soon UWB) and more, companies are better positioned to provide end-users with services they want and need. There’s an amazing range of solutions we can muster by making sure we serve the customer’s needs rather than being unnecessarily complex. The recognition that security solutions are not “one size fits all” has been revolutionary in providing users with customized, tailored solutions for their unique applications. Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? There is a massive transformation occurring in the security industry, and the movement to digitize physical access and integrate it with video management systems and surveillance. This shift means that cybersecurity is becoming even more intertwined with physical security, and that is exactly where Identiv itself is seeing business growth. Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story? Only earlier this year some of the FIDO tokens went through a security breach — people were able to hack into the IC which was used by most players and had caused a lot of concern within the government and corporate world. We were able to immediately respond. Not only because we had done our due diligence before but also because we wisely had chosen the latest state-of-the-art IC for our platform which was not susceptible to such a breach. What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do? MFA is what I use the most. Multi-factor authentication and straight forward 2FA (two factor authentication) to me are the most efficient ways to secure networks and computers. Thereby, you have a reader and a smart card carrying your credentials and then you enter a password. So there is always something you own and something you know. Using smart tokens in a smaller form factor does the job as well. Most recently, FIDO tokens have been pretty hyped and I like them, too. They are simple, you need to be present (as in, you have to touch them), and off you go. How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer? The most important thing to do is to adequately train your employees to recognize breach attempts. It’s not always feasible for a small company to bring on a cybersecurity team but it is possible to implement a cybersecurity strategy to protect your own business, your customers, and your data from growing cybersecurity threats. In addition to training employees, it’s critical to provide firewall security, utilize multi-factor authentication on all devices, and to secure, encrypt, and hide your Wi-Fi network. As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”? Cyber criminals are growing more sophisticated each day so it’s easy to miss the signs of an impending breach. However, there are some telltale signs:

1. Sudden locked accounts. This is often a sign that a hacker has gained access to an account and changed the login credentials.
2. Slow network performance. This could be due to malware or other viruses utilizing your device’s bandwidth.
3. Suspicious emails. Many security incidents are caused by phishing attacks. Employees are often the first target of cyber criminals so it’s important to train them on phishing scams so they don’t fall prey to such emails.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers? Firstly, customers must be notified as that can help reduce the potential financial and personal ramifications. Companies should stay in contact with their customers — even those who weren’t affected by the breach — and keep them knowledgeable about the steps being taken to correct the incident and ensure that it doesn’t happen again. Silence is the wrong direction to take in this situation. Additionally, companies should make sure all security and software patches are up to date to prevent a breach from happening again. How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA GDPR and other related laws affected your business? How do you think they might affect business in general? I was personally heavily involved in introducing GDPR on our end and I have observed what a burden it was for a lot of organizations — in particular small businesses. Whereas the intent was a very good one, the actual implementation caused a lot of stress for organizations and also resulted in lots of confusion. WIth just a little bit of fine tuning here and there, we will be getting super solid protection for consumers and individuals, which all this actually was meant for. What are the most common data security and cybersecurity mistakes you have seen companies make? The number one mistake I see is failing to adequately train employees to recognize breach/hacking attempts. Don’t assume that your employees know how to spot a breach attempt; make every effort to equip them with the knowledge they need to prevent such attacks. Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain? I would say so. Many companies have had to pivot to a remote work operation that they weren’t set up for. This led to a sort of piecemeal security solution for many companies. With all the work-from-home going on and especially school-from-home, our country’s families and children are more exposed to cyber danger than ever. ‘Bad guys’ are taking advantage of it. To function as a free society and especially to keep our kids safe, we need a serious and fast program for easy to use, accessible-to-all cybersecurity. But there is a solution. FIDO standards-based authentication ends reliance on passwords, protects user credentials, and resists phishing attacks. FIDO supports the remote pandemic-era workforce by ensuring critical data residing on home-based systems and mobile devices remains secure and uncompromised. Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

1. Multi-factor authentication is the way to go. We are seeing a paradigm shift from decentralized and reactive cybersecurity strategy to a consolidated, centralized, and proactive approach to protect critical network infrastructure and data. Having several layers of authentication vastly cuts down on the chance of experiencing a breach.
2. Understand that physical and cybersecurity are becoming more intertwined every day. The physical and digital world are becoming more interchangeable, making verification the currency to ensure people, products, services, and systems fulfill their intended purpose and have access to the right environment at the right time. When unauthorized users access sensitive information, they steal personal data, plant malicious code, or introduce ransomware.
3. Passwords are dying. User-friendly strong multi-factor authentication allows individuals, businesses, and government agencies and contractors to replace passwords with a secure, fast, scalable, cost-effective login solution.
4. Focus on offense, not just defense. Cyber criminals will attempt to hack you. Keeping this in mind while creating your security strategy often yields better results at detecting and preventing such hacks.
5. Have a plan in place. You need to have a plan that delineates what to do if there is a breach. You don’t want to be figuring out in the midst of the breach; you want to be able to take immediate action as soon as the incident is discovered.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!) The topic that moves me the most right now is to get to global herd immunity to fight the COVID-19 pandemic. We all want to get back to normal. I certainly respect people’s concerns and fear around it but continue to advocate for it in a most factual and objective way. I am a man of science and I’d like to have us listen to the ones who deal with the topic in a most professional way. How can our readers further follow your work online? They can visit us online at identiv.com or connect with me on LinkedIn.