We recently updated our passwords for the Tech Collective CMS. Over half the team changed it by a single letter or capitalised a different letter. It is obvious we don’t take cybersecurity seriously and this can have dangerous implications for both businesses and us, as consumers.
We often grumble about having to log into our bank account constantly and use 2FA services, but wouldn’t hesitate to sue if we found out these institutions put our money at risk by not implementing these security measures.
So, we sat down with serial entrepreneur, investor, and Chief Commercial Office at Twizo, Eric Dadoun, to find out what can be done about this.
Read Twizo CCO Eric’s story here.
Eric has an impressive background in messaging solutions, as well as a long history in the startup scene, having started his first company at the tender age of 17 and he hasn’t looked back since.
He shared his real thoughts on cybersecurity, where we’re going next and what we’re doing right and wrong. His full interview is below and has been edited slightly for length and flow.
What do you think is the greatest challenge in cybersecurity right now?
Complacency is the biggest challenge. Regardless of what we at Twizo may think of existing 2FA solutions available in the market, the fact is there are options out there for people to engage with and the sad reality is that a lot of people are not engaging with them. We believe that enterprises and consumers are too reactive to cybersecurity when in fact they should be proactive in minimizing their potential victimisation. That complacency needs to be addressed by everyone in that consumers must demand proper security solutions from their enterprise service providers, enterprises must demand proper security solutions from those in the industry and those of us in the industry must keep innovating as well as educating.
With your experience in the industry, how do you think startups and online companies fair in Southeast Asia? Are we far behind the global standard or have we gotten up to speed yet?
We believe that the “it won’t happen to me” mentality is a global issue and not something specific to this region. It’s simply easier to not think about these things while hoping for the best instead of investing resources towards putting up layers of security. We are very pleased to see a lot of governments in this region taking the topic very seriously though and I think that is something everyone should be quite proud of.
What is the problem with sales in the region? Find out what Konsyg CEO, William Gilchrist had to share with us.
Cybersecurity strategies can be looked at along the lines of more traditional offline insurance policies such as health, auto, life and others. We may not like to think that these terrible things can happen to us but the costs and efforts required to engage in insurance do not even remotely compare to the costs and efforts required to deal with a problem after the fact. The fact that governments are getting so involved in the topic is something worth applauding and that will certainly lead to South East Asia continuing its positive growth curve in this space.
You’ve mentioned in a previous interview with us that “service providers have offered SMS & Voice-driven 2FA solutions which tend to be cumbersome or costly”. How were they cumbersome?
“Security” doesn’t need to translate into “complicated”. We saw a lot of really difficult integration processes, unnecessarily complicated registration flows and that is before we even start talking about some of the bloated cost structures offered in the market. We do not engage in talking negatively about specific competitors but what we will say is that Twizo invested a lot of time into developing simple to use APIs, ready to go plugins for integration, cost-effective and at times free services as well as a robust list of authentication methods for our partners to select from.
“Security” doesn’t need to translate into “complicated’ and with Twizo “simple” doesn’t need to mean “less secure”. We’re all very busy and in a lot of cases impatient so to further the adoption of 2FA it is important to keep services as frictionless as possible regardless of whether you are using SMS, Voice or another form of authentication.
In previous interviews and articles by you, we’ve noticed you talk about ‘choice’ a lot. Is there a lack of choice in the cybersecurity market in Asia and if so, how would you solve that issue?
Choice is imperative! We live in a world and in a time where we are drowning in choice with respect to nearly every aspect of our lives. Especially with regards to our digital lives, why should that be any different?
Traditionally speaking two-factor authentication service providers focus exclusively on SMS and Voice pin codes which might be viewed as too much effort from a consumer standpoint or too costly from an enterprise standpoint. If we are especially talking about a startup that might be cost-conscious due to limited funds then why should a lack of pricing choice prevent them from taking security seriously? On a consumer level why should someone be inconvenienced when taking actions to protect themselves?
We are already solving this problem because we are taking a broader approach by offering 6 different ways to authenticate a user with plans to release more in the future. We want enterprises and consumers to have as much flexibility as possible in terms of both technology as well as pricing when it comes to deciding how they engage with 2FA.
So according to research, the consumer really doesn’t care that much about cybersecurity and 2FA. Recent surveys show that while people know about it, there isn’t any urgency or demand from the consumer side. Is this apathy slowing down the growth of the industry?
Difficult to say whether apathy limits growth but what I will say is that we need enterprises and consumers to take things more seriously. Preemption might be boring and no one likes thinking about terrible things happening to them but the simple fact is that cyber attacks are happening all the time. While we might be fortunate enough to have not been the victim of one yet, that doesn’t mean they aren’t happening. As I’ve said before, a cybersecurity strategy is just a digital version of the insurance we invest in for our offline lives. The pros far outweigh the cons and instead of complaining about apathy, those of us in the industry must keep innovating and must keep educating.
Can you name some companies in Southeast Asia in your opinion that are being innovative with their cybersecurity options?
If I look specifically at Singapore I think compliments must be given to Singapore Airlines who reacted relatively quickly to a recent report of a data breach that led to one of their frequent flyer mile members having their miles stolen from their online account. The type of 2FA they adopted is quite traditional but nonetheless, this further proves that large corporates absolutely have the capacity to make quick changes when presented with the incentive to do so.
Again looking at Singapore I think Standard Chartered Bank should be applauded for the rollout of their recent mobile application upgrade as it includes a lot of easy to use authentication options for app generated offline & online tokens. A huge step forward compared to their recent dependency on hardware token cards.
Twizo is always happy to celebrate creativity in this industry but before that, we’ll just be happy to see further adoption. Our approach is to make sure that our platform is as flexible as possible so as to give everyone the freedom to integrate 2FA in the way that suits their business best. Through freedom of choice and flexibility, we think we’ll eventually see some really creative use cases pop up.
So, besides Twizo, your experience also includes being on the investor side with Impiro. What is your impression of the overall cybersecurity industry around Southeast Asia?
I would say that in most industries you see startups pushing the envelope of adoption, innovation, and creativity which ultimately leads to a reactive approach by more traditional incumbents and governments to catch up. It’s quite funny that when you look at cybersecurity the table is somewhat turned in that a lot of the push for adoption and innovation is actually coming from government and regulatory bodies.
Read how Singapore’s startup scene is growing with Christopher Quek from TRIVE
With both my Twizo and my Impiro hats on I would love to see more passion in the startup scene for cybersecurity. This is an issue that we are going to be dealing with permanently as we move forward into a more digitized world so I think there is a lot of room left for new solutions, new approaches, and general innovation.
As a serial entrepreneur, what advice would you share with new entrepreneurs?
There is no elevator to success, only stairs. That straight line to 100 simply doesn’t exist. The entrepreneurial journey is an exciting one but it has its challenges, to say the least so make sure you’re working on something you are passionate about. Keep working, be your own biggest critic, adapt when needed and keep going forward.
— Tech Collective (@TechCollectiv3) June 21, 2018