Former member of elite hacker group w00w00, Dug Song co-founded Duo Security in 2010. The company was bought by Cisco for $2.35 billion in 2018. In an exclusive interview, he talked to GlobalData’s Verdict about the current security challenges facing the tech world.

Arguably, security is getting much better, with more safety being built by default right into the things we use daily, such as our phones, tablets, and cloud services,” Song said. “As security becomes increasingly built-in rather than bolted on, threats will continue to shift to what is softer and squishier – the user.

“Humans don’t evolve as quickly as technology, thus, a lot of those threats will continue to target people rather than infrastructure,” he continued. “In today’s age of hyper-connectedness, organizations are no longer monoliths, but ecosystems of users, partners, vendors, etc. Thus, threats will increasingly target third parties that organizations rely on or partner with. Many of today’s breaches have been caused by risks outside of the organization’s control but in the scope of their dependency. Attackers will be going further and further up the supply chain and technology stack, targeting partners and vendors that organizations use.

Song explained that the true enemy of security is complexity and the most important thing organizations can do to stay safe is simplify and get the basics right.

“To protect their users and data, organizations need to ensure they practice basic security fundamentals, which includes data encryption and backup, timely patching of software, utilizing password managers, multi-factor authentication, and overall device hygiene such as ensuring browsers and operating systems are up to date,” he said. “Think of it like washing your hands to prevent the spread of disease rather than needing a hazmat suit.”