'Account takeovers have exploded... bad actors know this is the best time to strike': Expert on Robinhood data hack

Ping Identity Chief Customer Information Officer Richard Bird joins Yahoo Finance’s Zack Guzman to discuss trading account threats in the wake of Robinhood's recent data hack

Video Transcript

ZACK GUZMAN: We're learning more about the Robinhood security breach that resulted in nearly 2,000 stock trading accounts getting hacked, according to a Bloomberg report. In some instances, users discovered some breaches were tied to corresponding email hacks, as well, and others from fake documents being uploaded to Robinhood servers. It's the latest high profile security breach in what has been a growing problem for Americans here as more things move to online.

And joining us now to discuss the risks tied to that is Richard Bird, Ping Identity chief customer information officer over at Ping, one of the largest security companies trying to tackle this problem. And Richard, talk to me about what this kind of speaks to in terms of the larger problem in total here when we think about Americans dealing with this, whether it's at Robinhood or anything else that they're interacting with online.

RICHARD BIRD: Yeah, and when you look at the Robinhood hack, I think you got to be a bit cynical if you work in the security trades. Because it's fair to say that Robinhood security was no better and no worse than the vast majority of companies, as well as governments and organizations here in the United States. That's neither necessarily a good thing or a bad thing.

But when we look at the mechanics of how this particular exploit played out, we've seen it over and over and over again for 20 years. Basically, an account takeover, and account takeovers in the US during this COVID period have exploded, fraudulent account takeovers, synthetic fraud, because the bad actors know that during bad times, this is the best time to strike, right? People are extracting money from their accounts, they're moving money, they're investing money.

And with this going on, you know, basically, it creates a smokescreen for the bad guys to wiggle their way in and use all of the identity data that they've collected over breaches and exploits and hacks for the last decade and use it to make a fake you and steal your stuff. So it's pretty consistent. I think the frustrating part is is that obviously with, you know, new tech companies coming online, there should be an assumption on the consumer's part that security is part of the overall equation.

And in fact, security just kind of gets buried in the overall investment portfolio for operations for all companies. And, you know, it gets underfunded.

ZACK GUZMAN: Yeah, I mean, when we talk about trying to solve the solution is to talk about two-factor authentication. That was one thing here that is not an end all, be all, because in some cases reported here, Robinhood users who had that turned on were still impacted by this. Obviously, your company focuses on this in trying to prove you are who you say you are. A lot of enterprises using your services here, similar to what is offered by Okta and some of the other security companies focusing in on it.

So what are the solutions, then, out there to avoid something like this from occurring, to make sure that the safeguards are in place, so you don't see it again?

RICHARD BIRD: Well, I think there's two parts to the solution. There's the immediate current state, which is what I recommend to everybody from family members to heads of governments, which is, until we move forward with true digital identity improvements and actually proving that you are who you say you are in the digital, the most important thing to do right now is monitor, right? So I think it's really interesting, the 2FA, you know, component of the Robinhood issue.

When you look at it, it's problematic. Two-factor authentication was optional, right? This is money. These are transactions. I wouldn't walk into any of the brokerage firms that I do business with and go, I'm going to choose the least amount of protection. I would expect that the brokerage house would go, we expect you to use the maximum amount of security available that we're providing to you.

But when you look at the future state, you know, digital identity has kind of been a non-thing. You have accounts and you have passwords. For 90 plus percent of all Americans, your account and your password is going to be the same for every single online service that you use. We need to move to a construct where you have the authority, the ability within your own wallet, whether it's a virtual wallet or a physical wallet, to prove that you are who you say you are.

And that's really where digital identity is going, the ability to take an authorized and authenticated credential that proves that I am who I say I am way better than the laundry list of password constructs and email accounts that I've used to do business in the past.

ZACK GUZMAN: Yeah, and I mean, we talk about the spike in, I guess, nefarious activity and bad actors trying to exploit some of those security gaps. I mean, have you seen an uptick in companies now reaching out to paying-- talking about, look, we need to solve these, since we know the risk's getting bigger?

RICHARD BIRD: Yeah, absolutely. It's really been fascinating. There were two dynamics in the pandemic period. The first was, you know, the need to get people working from home remotely. And that was challenging, right, because nobody had a business recovery plan that said, 100% of my workers are going to go home and work remotely, and 100% of my customers are now going to transact with me digitally.

So, you know, that wasn't within the plan, and we had to sort through that piece. What we've seen in the last 60 days has been a huge rush for secured customer access. Because of the account takeovers, because of the fraudulent activity, large corporations in the United States, as well as Australia, Canada, the UK, EU, they're recognizing that we have a huge weakness in being able to manage security and privacy for customers. And we're seeing just a tremendous amount of energy in fixing that problem.