Password management software vendor LastPass has hired a new chief information officer (CIO) to drive sales, anticipating demand in line with the potential for AI-driven identity and authentication threats.
Asad Siddiqui, who took the reins this month, said the company expects a “pivotal” time of transformation.
“I’m excited by the potential to help elevate security and bring technological innovations to ensure LastPass remains at the forefront of providing seamless and secure experiences,” he said in the announcement.
Siddiqui, previously CIO at SaaS provider Celigo, is expected to direct LastPass teams in the creation and execution of the technological vision, strategy and operating plans in support of business strategy, it said.
The vendor has been spotlighting risks from AI-powered phishing. An increase in large language model (LLM)-powered dynamic content may make detecting social engineering harder, it said.
In a LastPass survey focused on social engineering, some 95% of the IT and security professionals who responded agreed that social engineering attacks have become more sophisticated in the last year.
Alex Cox, director of threat intelligence at LastPass, said that the evolving landscape of AI-fuelled social engineering attacks meant security practices must adapt. LLMs mean criminals can also coordinate their assaults with more precision and customisation.
“IT and security leaders recognise this threat,” Cox said, with less reliance on passwords rapidly becoming more important in many organisations’ defences.
Phishing and other types of social engineering attacks focus on fooling people into revealing information or data that compromises their own or their organisation’s security.
According to LastPass, 81% of respondent businesses saw more phishing attacks in the past year, with phishing expected to remain a major threat versus business email compromise, vishing, smishing or baiting.
“While 88% of respondents feel confident in their phishing testing programmes, only 16% actually identify 75-100% of suspicious activity within these phishing testing programmes,” it said.
“Bad actors can use generative AI to whip up traditional phishing emails in far less time than it takes to craft those messages by hand,” noted LastPass in a blog post.
The vendor said that replacing passwords with passkeys will typically enhance resilience against social engineering, with password managers helpful in preventing user credentials from being exposed via social engineering.