As the sun rises on 2019, it will also be shining on a new equities exchange application. The launch of Members Exchange (MEMX), founded by a consortium of nine financial services firms, was announced this week, and according to the press release, it will apply for U.S. Securities and Exchange Commission (SEC) approval in early 2019. Given the IEX exchange application approval and the public fights between the incumbent exchanges and their members, the introduction of a new exchange application should be no surprise. There are already 13 exchanges and over 45 equity alternative trading systems (ATSs) operating in the U.S.; MEMX will make number 14.
First, there were just usernames. Then came usernames and passwords. Then came multifactor authentication (MFA), which requires something you know, such as a username and password; something you have, such as a one-time password token; or something you are, such as biometrics using your fingerprint or a retina scan. Now frictionless identity access management (IAM) is the “soup du jour” as companies work to make MFA more effortless for the end user. Many of the chief information security officers with whom I've spoken attribute the lack of MFA adoption in the enterprise and in web applications to the amount of friction it causes for the end user.
Bugs, also referred to as software vulnerabilities, are flaws that can be abused to make a system or piece of software behave in unintended ways that disclose sensitive information, negatively impact availability, or provide unauthorized access. These bugs are what malicious hackers use to achieve their after-action goals in a long kill chain of steps. Thus, the life cycle of a vulnerability, from discovery to active exploitation, can be described as follows: it starts when a vulnerability researcher or malicious hacker discovers a bug in software or an application and, if the bug is found by a malicious hacker, continues with active exploitation of the bug in the “wild” until the manufacturer or developer creates a fix or patch that renders the exploit ineffective.
I've seen a lot of board rooms over the last 18 years and have met with boards of directors for companies with as few as 100 employees and companies with as many as 50,000 employees. In every one of these meetings, I've been asked the inevitable, arguably rhetorical question, "Are we secure yet?"
“Dear password, we’ve been together for over 28 years now. As a matter of fact, you were my first authentication mode. You made sense at one point in my life when I needed something that simply just worked. Now, you aren’t enough for me; I need more — something you can’t offer. It’s time for me to move on and leave you in my past. We grew up together since telnet; we worked perfectly together with Secure Shell (SSH), even though at the time there were better alternatives, such as keys. But now, I’ve sat back for too long now and watched others abuse you, and I love you too much to watch people treat you like you’re nothing but password123 or letmein.”
- Love always, Alissa Knight