Honesty! And what Okta could learn about that

Yoooooooooo! Hopefully my security superheroes are KILLING IT THIS WEEK! This being said, this will be part 2 of 4 of my review of Okta's history of handling bad security events. In today's blog, we are going to show how a company can take a bad event with multiple failures and somehow make it worse. ☢️
For the past six weeks or so, I have been looking into this story, which keeps on getting worse and worse and worse the more we read about it. Yes, that's three "worse"s, which is more worse than what we started with! 😢 That's bad.
What happened this time, you might ask? Even after the slow response in warning their clients that they had been hacked... even though 1Password, BeyondTrust, and Cloudflare all reached out proactively to Okta to advise them that there was a disturbance in the force... it seems that their first report, that only a handful of clients were affected, is also incorrect... let's cut to the chase: it's all of them! 😳
Yes! All Okta clients were affected by this. Not a subset, not a small number...all of them. 🤯
Again, we are all going to fall victim to a bad security event 🥷 at one point in our lives; that is not the issue here. Not only was Okta's response abysmally slow, it was also crafted to make Okta less culpable... throughout the entire security event, Okta was more worried about its reputation than about proactively helping its clients.
Forrester's Maxim says: "...generally speaking, people are forgiving of security breaches. Where they are less forgiving is when there's inadequate or incomplete responses to breaches."
Massive Okta Breach: What CISOs Should Know (informationweek.com)
What Maxim is alluding to is something I have preached to my teams for decades... at the end of the day, you can be the smartest person in the room, but if no one trusts you, then you are done! Honesty is the bulwark of what we sell... Many of us think that we sell technology, knowledge, or experience, but I completely disagree.
⛨ We sell trust. ⛨
If people do not trust us, they will not buy anything we have to say or sell. Let's face it, sometimes when we start talking to people who don't know our lingo, we sound like mad sorcerers 🧙 casting hard-to-pronounce spells here and there... And to a degree, some of us do create magic... But none of that matters if trust is broken.
Honesty 😍 will be a recurring theme of mine, as it is truly the cornerstone of all my teams. When I am training new teams, it's one of the first slides that I present... the honesty slide is quickly followed by the accountability slide. In fact, my first 20 slides deal with IT culture, filled with decades' worth of mantras that generations of team members can still recite to this day...
A question I get from time to time is, how does one determine someone's honesty... how do you know if people or companies are going to lie to you? Simple: I merely cast a "Detect Truth" spell and roll a d20. 🎲
It's honestly simpler than rolling the dice, as the clues are everywhere... if they lie to their loved ones 💔, if they lie about stupid little things in life, if they lie to their wives and their children, if they lie about how many people were affected in the hack... then they will most assuredly lie when something big is at stake. They will surely lie to you... 🙀
The other weird universal truth about those who are dishonest is... for every lie you catch, there are a few more that you didn't catch. My worry is not about what we know they have lied about; my worry is about the lies we don't know about yet.
Okta has a long road ahead in regaining our trust... and I truly hope that they do. Here's to more happy futures, fewer bad security events, and most of all...
Honesty!
What do you think? Contact Us!