Security Thought Leader on DocuSign Breach: “Yet Another Wakeup Call”

Adam Rowe

Digital signature service company DocuSign announced a security breach last Monday: A database of customer's emails had been stolen and used in a phishing campaign. But was the latest in a seemingly endless series of data breaches and hacking attempts actually that big a deal? Tech.Co sought the advice of one leader in the security sector.

We Need a Change

Robert Block, SVP of Identity Strategy at the security company SecureAuth, had this to say about the data breach and the stolen email list:

“The DocuSign breach is yet another wakeup call for organizations to move beyond simple user name and password based credential security, where attackers share this information causing further damage. The way organizations are approaching authentication and securing credentials needs to be rethought for cyber security strategy & investment to have any shot and being successful.”

Study: Does anyone actually care about their online security?

So What's in the Future?

Can we expect the problem to get worse? If we don't learn from our wakeup calls, nothing's going to change. Here's how Block suggests we push ahead:

“Even simple two-factor authentication is no longer enough to safeguard against today’s attacks. Pushing forward, organizations are realizing they need to adopt a fundamentally new approach to prevent to misuse of stolen credentials that doesn’t just add an extra step to users authentication process, but instead provides effective protection while providing a good user experience. Modern approaches such as adaptive access control techniques and identity based detection work invisibly to the user but work to protect, detect, and ultimately remediate attacks essentially rendering stolen credentials useless.

Once we focus on preventing misuse of instead of securing the credential than we will see a reduction in compromised credentials resulting in data breaches.”

In the meantime? We would recommend any DocuSign customers update their passwords and ignore any suspicious email.

Read more about cybersecurity at Tech.Co.`

This article was last updated on:
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Adam is a writer at and has worked as a tech writer, blogger and copy editor for the last decade. He's also a Forbes Contributor on the publishing industry (and Digital Book World 2018 award finalist) and has appeared in publications including Popular Mechanics and IDG Connect. When not glued to TechMeme, he loves obsessing over 1970s sci-fi art.

Explore More See all news
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals