Quieting the Threat of Consumer Data Breaches

Episode 321

State of Identity Podcast

3/9/2023

Episode 321

Quieting the Threat of Consumer Data Breaches

While consumer data breaches have continued to occur at a record pace, options for proactive identity data protection have remained limited until now. Join host Cameron D’Ambrosi and Hush Co-Founder & CEO Mykolas Rambus to discuss why previous solutions have remained inadequate and why artificial intelligence is the key to protecting consumers.

Host:

Cameron D'Ambrosi, Senior Prinicpal at Liminal

Guest:

Mykolas Rambus, Co-founder & CEO

Links:

Share this episode:

Cameron D’Ambrosi [00:00:00] Data breaches have sadly become a part of the everyday fabric of our lives. A persistent march of headlines announcing the latest leak with no end in sight. Identity theft protection platforms can offer help with the cleanup, but options for true proactive protection have remained scarce until now. Stick around as I’m joined by the CEO of a new breed of digital privacy platform offering proactive protection against a litany of old and new threat vectors. Welcome everyone to State of Identity. I’m your host, Cameron D’Ambrosi. Joining me this week is Mykolas Rambus, CEO and founder of Hush. Mykolas, welcome to the podcast.

Mykolas Rambus [00:00:45] Thanks for having me.

Cameron D’Ambrosi [00:00:46] So, you know, I was really excited to get you on the docket. You know, we became acquainted because I saw that, you know, Greycroft had made an investment in you recently, which, you know, is last year at this point. But congratulations on that latest fundraise. And, you know, I immediately got excited because you guys are taking an approach to the data privacy space that I don’t think I had seen out in market necessarily. You know, there’s a lot of platforms out there that are purporting to assist with things like data privacy, you know, protect organizations and individuals from, you know, scams like phishing and social engineering. But there’s, you know, this maybe sounds a little bit harsh, but there’s a lot of snake oil out there and a lot of platforms that, you know, in my opinion, make it seem like they’re doing proactive things and they’re really kind of just remediation platforms. You know, it’s like they’re not helping the cows from getting out of the pen. It’s just a guy with a motorcycle. He’ll help you drive around and maybe herd them back up after they’ve left, which is certainly needed. But, you know, that’s fundamentally different from preventing them from getting out in the first place. So all of that is to say that’s a long-winded introduction about the fact that I’m, you know, excited about what Hush is building, and maybe you could take it away with a little bit of introduction from your perspective. You know, how you came to get this idea to to found a platform focused on putting consumers and employees kind of back in control of their own personal data.

Mykolas Rambus [00:02:32] I appreciate that greatly. And thanks again for the kind words. We’re excited to have Greycroft involved and excited to tell our story as well. We think we’re putting the AI back in information security. It’s funny as much as is talked about all of the ways that organizations need to secure themselves and individuals, right, whether they’re executives or line employees, need to secure themselves. Very rarely is anyone looking at their information. Right. That’s available online. And if you’ve ever Google yourself, you’re getting the tip of the iceberg of all of the same things that anyone can find out about you, whether it’s your neighbor or whether it’s a threat actor looking to get into your personal account, steal your identity or impersonate somebody trying to break into your company. So we started this company thinking, well, let’s figure out how to do that and how to solve that problem. You mentioned snake oil. You mentioned some other analogies. You know the one that’s often told to us is whack a mole. Have you ever played that game at the arcade? If you’re old enough to remember that one, right, with that with the arm. You know, it’s almost impossible to do because there are 2000 more than 2000 data brokers in the United States. And based on our laws, everyone’s information gets out there, whether you fill out the warranty, registration, card or use subscribe to the magazine, or even if it’s digital online, you buy a house, you purchase or release a car. All of those things leave a lot of information out there about us, all that gets recycled and resold by wholesalers. The next thing you know, large parts of your life are available online. And so at how we’ve endeavored to find all of the information out there about any given individual, be able to let them know because no one’s got time. What’s a vulnerability, Right? I can go unlock someone’s credit report and then impersonate someone in minutes just based on what I find. We try to find those items unlocked. Social media accounts, last addresses, and mobile phone numbers. Right. Mother’s maiden name. Let people know they are there and remove those rights on behalf of the individual. And that removal part is key. Like you said, it’s not just enough to know. It’s got to get taken down. So that’s what we do very simply. We do that at scale. We like to think of it as workforce privacy management, because the reality is 98% of breaches these days are caused by social engineering and phishing, by people, reconnaissance and employees, and finding smart ways in. There’s a reason that threat actors do it because it’s the easiest way. And so we’re trying to even the game.

Cameron D’Ambrosi [00:05:03] And, you know, I think that’s one of the more interesting elements of your platform, again, is, you know, this focus you have on bringing this to market through that B2B channel as opposed to kind of a direct to consumer model that some other platforms have taken. You know, can you talk a little bit about, you know, your entry and how you looked at the market opportunity and what made you think, you know, we should bring this to market from that B2B channel?

Mykolas Rambus [00:05:31] So fundamentally, this category is 15 years old. LifeLock started off. Everyone’s seen the advertisements, right? You know, we know we’re out there. The issue is it’s a it’s a company problem first and foremost, Right? So, yes, we are as consumers are experiencing record identity theft, right. To x more in the U.S. than anywhere else in the world. We’re being harassed and intimidated and docked and stalked online like never before. And that’s continuing to go off the charts. And those things need to be solved. But first and foremost, it’s companies who have immediate cybersecurity needs that aren’t being met. There’s a reason we’re reading about a breach every week because employees are the soft underbelly. And so it’s the companies who have and who will pay and who will get this done. And our vision is five, ten years from now, every person, every employee in America will have digital data protection is just the way that we’re all going to operate in the future. But it’s companies that have to lead that charge because they have the requirements, the regulations and the capacity, right, to make this change.

Cameron D’Ambrosi [00:06:35] That’s a really interesting perspective. And, you know, I think in many ways, consumers still haven’t fully internalized, you know, what what those avenues of of protection that they need to cover are. You know, I think people don’t really understand, you know, their their attack surface kind of in in cybersecurity parlance. And I think it does, you know, in large part stem from so many of these corporate data breaches that we’ve seen, you know, fairly consistently. You know, unfortunately, example for my personal life, I think I’m on data breach number eight with with T-Mobile as a T-Mobile customer. So in looking at this market opportunity and and where it is headed next, obviously, you know, the dream state is we end up in a world of, you know, fully decentralized, whether you want to call it self-sovereign identity or verifiable credentials, where, you know, you as a consumer are kind of fully in control of your data from the get go. And, you know, it isn’t stashed away in a hundred different enterprise databases all over. And, you know, you protected yourself from being breached by by not having your data out there in the first place. What kind of timeline do you think we’re on where where that can maybe become a reality? Or do you see this market as continuing to exist for a good long while, even as we begin to try transitioning towards some of these more decentralized models?

Mykolas Rambus [00:08:10] Yeah. So I actually I, I’ve spent a lot of time trying to address and understand that issue and the market opportunity, I think be a long time before we see people having real control, if ever, of their other information online. Right. So I mentioned the 2000 plus data brokers. You mentioned T-Mobile. You think about all the other companies that are out there are dealers and tens of thousands of organizations. Heck, at the restaurant, Right. You made that last night. So I think it’ll be a very long time, if ever, that that occurs. I think that’s the dream state and that’s the ideal state. But it’ll be a long while before before we get there. There are just too many entrenched interests. I think consumers, like you said, you know, either aren’t aware enough or it’s just not worth enough yet for them to do it. Maybe they’ll be legislation that comes down the road that encourages that. But just as those things are going on, impersonation is ticking up. And so, yes, there are great technologies out there to to limit to, if not eliminate impersonation. But the state of the art will also advance. So I think we’re always going to have this need for understanding one’s own digital footprint, certainly at an enterprise or executive level and then managing that accordingly.

Cameron D’Ambrosi [00:09:24] Who do you see as the the biggest competitors in the space? You know, do you feel you’re kind of on an island out there all alone or, you know, are there other companies that are are doing good work you feel in the competitive space? And maybe as a follow on question to that, you know, I would love to hear more about your vision for the future of Hush and and how you might actively, you know, begin thinking about helping companies not just mitigate some of these risks, but kind of proactively prevent them from creating those risks in the first place. Is that something you’re thinking about as well?

Mykolas Rambus [00:10:00] It is, and we’re appreciative to be not the only company, you know, taking our approach and focusing on suppressing or removing data on employees at enterprise scale. But the reality is there’s not many. You’ve got a whole lot of companies on the consumer side. I’m sure many of your listeners have tried companies like me or others that have been out there for years. But as an enterprise solution, there is just not much of anything in what we come across so far is really the folks who look at broad based intelligence. Check your threat analysis. But we’ve taken that same model and brought it over here to protecting the employee. But no one, in our view, has solved solve the comprehensiveness problem. Or how do you find everything right? Your life, Your life depends on this. Can you really track down all the information that a dedicated threat actor is sitting down for days at a time would find out about you and your family and the answers. We just don’t see yet anyone else out there. So we’ll see where that where that goes.

Cameron D’Ambrosi [00:11:01] And then, you know, in terms of the future of the platform, the future of the space more broadly, you know, obviously we talked about this dream state, this future state of being able to have consumers completely in control of their own data. And, you know, again, I guess use that cow analogy. Right. Secure their cows on their ranch and not have them wandering all over the place. Obviously, that is a long term dream. And, you know, in many ways, these transitory phases of markets are are the most interesting and offer the most opportunity. You know, I often liken the analogy in this space to the transition, whether you want to talk about between, you know, horse drawn carriages and cars or gasoline cars and electric cars. Some of the most challenging moments are when you have both of those paradigms kind of existing at the same time, right, when you have horses and model TS sharing the road, when you have, you know, a 30 year old beater and a Tesla model S sharing the road. You know, what do you see in terms of opportunities for this long tail of where we’re going to continue to have these data vulnerabilities at this enterprise and at this personal level, But at the same time, maybe some pieces of that ecosystem around decentralization are going to to fall into place. You know, how are you thinking about that from a platform perspective and and where hash can maybe play a role in that transition?

Mykolas Rambus [00:12:34] Sure. So, you know, they’re often talked about two or three large data nexuses, right? You’ve got the U.S. most broadly, you’ve got Europe broadly, and you’ve got Asia particular Asia-Pac with China broadly. Right. In terms of markets in Intel, if an internal U.S. looks at data privacy as a fundamental right and legislates accordingly, I don’t see that happening in this market. It could happen in Europe. It’s happening. I think it could happen even more in APAC as well. But we’ll see, right, if it’s ever going to come to these shores. You know, in last night’s State of the Union address, President Biden mentioned, you know, being able to pull back on some of the ways that our data is traded, manipulated in the United States, that we’ll see if that comes to pass. So, you know, unfortunately, I hate to be the that the you know, the down person on where this can go in the U.S. But there are just so many entrenched interests and organizations who all have a desire, right, to get access to our data as consumers. Right. Whether it’s the mobile phone company, whether it’s the retailer that you shop at, whether it’s the school you know, that your kids attend, everyone has has a stake in that information. And we so far, the infrastructure, you know, just isn’t evolved to be able to manage that or to self manage that effectively. So again, I think we are, you know, a great many years out, unfortunately from seeing that happen in terms of how that could happen and how it can evolve, certainly making it easy for the interchange to happens. You ask about product development and so there is not a great standard at all for how consumers can ask and interact with brands. That’s something that we’re looking to develop and scale over time, right? Think of solutions like Dioxane, for example, where we’ve got have at least a reasonable way of handling electronic signatures between organizations, between people. But even that right has a burgeoning competitive scene. I think we’ll start to see more things like that, right? In terms of consumer data management, that will be, we believe, the next evolution is can we at least get to that standardization? And then beyond that, okay, then we can help people manage their data between counterparties.

Cameron D’Ambrosi [00:14:53] Yeah, I think that’s a that’s a fantastic point. And, you know, I sadly share your you know, maybe cynicism is a bit harsh, but let’s just say hesitance to declare that, you know, will see any sort of federal action on these issues in the short term. You know, I think it’s always going to be a battle to get anything passed at a federal level these days with the the polarization as high as it is. And, you know, I know President Biden mentioned in his his recent State of the Union that he’s going to push for some bipartisan legislation. I know there’s some initiatives that are gaining some bipartisan traction, especially with regard to, you know, children’s data in particular, but certainly nothing on the scale of a CPA or certainly not a GDPR at the federal level. So, you know, I think we, you know, from the limited perspective, have been advising our clients to expect to see state level initiatives kind of picking up a lot of that slack in many jurisdictions and to not hold your breath for, you know, anything coming over the top at the federal level that’s really going to move the needle.

Mykolas Rambus [00:16:10] Agreed. Although I will say there is one one positive light. I’d say I there’s there’s many. But one positive way particularly. Right. So late last year, Congress passed the Daniel annual Act. I’m not sure if it maybe this was the sadly, the federal judge who was targeted at her home and family members were killed. And she said, you know, after this all happened, that the assailant had a dossier on her and her family. And so Congress recently passed a law that makes it illegal to trade in the information of federal judges. I think that could happen in other parts. You know, the fact that there isn’t that kind of protection in place for members of our armed services for other parts of law enforcement, I think is a mistake. I think that well, could be an evolution of where we really start to see this happening for federal employees first.

Cameron D’Ambrosi [00:17:05] Yes. Well, you know, I hope that we certainly get those protections in place and then, you know, hopefully expand them to to everyone, including those folks who are are not judges as well. But, you know, share share your optimism that, you know, it’s a start, as they say. So to bring us on home here. You know, we’ve talked a little bit about, you know, the future state and, you know, where you expect to see the platform. Wanted to open it up more broadly. You know, as we look out into 2023 and beyond, you know, what are some other major trends that that you expect to see impact this consumer space? And, you know, how do you plan on on shepherding hush as a platform to kind of react to those trends?

Mykolas Rambus [00:17:54] Sure. So there’s a lot of activity where we get very much focused on the enterprise view and how do we help CISOs and their CEOs and the boards who are consistently under attack, you know, reduce their risk? You know, I think there’s a few things that we’ll see. One, we anticipate, you know, insurance and underwriters shifting to a place where they require a degree of employee protection. And I think this has broad implications for how we identify, authenticate and manage our own personas outside of the office. Yes, there’s some companies that are coming back, but the reality is we’re still going to be outside, we’re going to be remote. We’re going to be operating from from all kinds of places, whether it’s coffee shop down the street or, you know, across the world on a beach. And so making sure we have the right tools to enable employees do that successfully, I think is still going on. So that’s one, too. Like I mentioned before, the world of deepfakes continues to evolve, involve fast, as much talk as there is about, you know, tragic between the like and the underside of that is the impersonation attacks that are happening daily and whether it’s someone’s voice being recorded in deliver by voicemail to a accounts payable clerk to send money. We’ve we’ve seen it all and I think as that gets easier to deploy, organizations will be grappling with that more than ever. And we as an organization are investing to make sure that that we can build solutions for impersonation and deepfake detection at the same time. So just as a bit of our roadmap, the last thing I’ll say is I think consumers are now in certain states. Right now we have five states that have a version of California CCP on the books, another four that are discussing it, and I suspect more that will happen this year. And so as consumers get more empowered, they will look for solutions that help them go beyond not just what they can find via a Google search or what they can find with a more robust tool like ourselves. But hey, what is what does Amazon know about me, right? What does Netflix have on me? And so I think that’s the the interim bridge is from a roadmap perspective, really being able to offer employees the ability to pull back information from any organization around the world that we’re very excited for.

Cameron D’Ambrosi [00:20:14] I love it. So last bit here, what I like to call shameless plug moment for folks who are listening, you know, especially the CEOs out there thinking, you know, gee, this is something that I would like my employees to have access to. What is the best place for them to go to learn more about hush or to get in touch with you?

Mykolas Rambus [00:20:36] Well, thank you for the opportunity to do a shameless plug. Go hush Dot com is our Web site, and that’s where you can find more information about our organization, what we do, how we protect executives and their teams before it’s too late. You know, we have plenty of customers who have as incidents and we say, gosh, if you only called a month ago. So yeah, learn more. Go high school.

Cameron D’Ambrosi [00:20:59] Fantastic. Well, thank you so much for your time. I really, really appreciate it. Best of luck to you in this coming year. And, you know, I look forward to catching up with you again soon to check back in and hear about your progress.

Mykolas Rambus [00:21:11] Thank you very much.

 

Explore The Podcast Library

Episode 343

In the latest State of Identity podcast, hosted by Cameron D’Ambrosi, we’re joined by Laura Spiekerman, co-founder and president of Alloy, a global identity risk solution for financial services and a Liminal 2023 Company to Watch. We’ll discuss its pioneering role in the orchestration-centric approach to Digital Identity in Fintech. Spiekerman delves into the challenges Alloy addresses in the fintech space, where compliance and fraud often hinder innovation. Join us to explore the evolving landscape of digital identity in Fintech, trends in fraud prevention, and the critical intersection of customer experience and security.

Episode 342

In the latest episode of the State of Identity podcast series, we delve into the ever-evolving world of customer identity and access management (CIAM). Join host Cameron D’Ambrosi from Liminal as he sits down with Brian Pontarelli, the founder and CEO of FusionAuth, to explore the exciting developments and challenges in the realm of passwordless authentication, user data management, and the quest for seamless transitions in the digital landscape. Bryan shares his expertise and unique perspective, shedding light on the fascinating journey of FusionAuth and its pivotal role in this dynamic landscape. Tune in for a thought-provoking discussion that promises to expand your understanding of CIAM and its critical role in the modern enterprise.

Episode 341

Tune in to the latest episode of the State of Identity podcast series, where Data Security expert Shane Curran, Founder and CEO of Evervault, dives deep with host Cameron D’Ambrosi into the intricacies of data security. Discover why basic encryption methods aren’t enough, understand innovative data security strategies that ensure functionality, learn how encryption safeguards AI model training without compromising customer data, and grasp the significance of prioritizing current cybersecurity threats over quantum computing concerns.

Episode 340

In the latest episode of the State of Identity podcast, host Cameron D’Ambrosi is joined by Gadalia Montoya Weinberg O’Bryan, an ex-NSA crypto mathematician and the Founder and CEO of Dapple Security. Learn about Gadalia’s remarkable journey from the National Security Agency to the forefront of identity-focused cybersecurity. Learn about the limitations of current passwordless approaches, particularly in scenarios involving lost or stolen devices, and delve into the crucial distinction between authenticating the user behind the device rather than the device itself. Gadalia introduces Dapple Security’s unique solution, which involves generating an on-demand passkey using a user’s fingerprint—emphasizing the company’s commitment to user privacy by avoiding the storage of biometrics on the device or in the cloud—and how this approach is a key element in enhancing overall security posture.

Episode 339

In this episode of the State of Identity podcast, host Cameron D’Ambrosi talks with Eric Olden, the co-founder and CEO of Strata Identity. Join us as they discuss the challenges faced by today’s multi-vendor/multi-cloud enterprise technology landscape and how forward-looking executives view identity as an opportunity, not a cost center. They also delve into the importance of moving towards passwordless authentication and the role of identity orchestration in addressing these challenges.

Episode 338

In this episode of the State of Identity podcast, Liminal host Cameron D’Ambrosi and Justin McCarthy, the co-founder and CTO of StrongDM explore the dynamic landscape of digital identity and access management, addressing the challenges and trends that shape the industry. They talk about what it means to move towards a “credential-less” world and discuss the complexities of authentication, authorization, and the role of proxies in bridging old and new technologies. McCarthy highlights the imperative for convergence among various tools, including the essential role of AI, providing a unified approach to access control, governance, and policy enforcement.

Filter by Content Type
Select all
Research
Podcasts
Articles
Case Study
Videos
Filter by Category
Select all
Customer Onboarding
Cybersecurity
Fraud and Risk
Go-to-Market
Growth Strategy
Identity Management
Landscape
Market Intelligence
News
Transaction Services