As we enter a brand new decade, it’s attention-grabbing to see how far we’ve come over the previous 10 years when it comes to entry and identification administration. When the 2010s started, solely 38 per cent of knowledge breaches used stolen credentials; by 2017, this determine was 81 per cent. Because the tempo of digitization has elevated, identification and entry assurance has turn into a crucial concern and the one most necessary management for managing digital threat.
From an eBay database being stolen utilizing worker credentials in 2014, to passwords from excessive profile breaches of firms together with Google, Yahoo and Hotmail all ending up on the market on the Darkish Net; identification has been on the coronary heart of a number of the main safety incidents previously decade.
Concerning the writer
Jim Ducharme, VP of Identification and Fraud & Danger Intelligence Merchandise at RSA Safety.
As we now have turn into extra reliant on digital interactions that depend on identities, new and unprecedented safety challenges have been raised. We want to have the ability to belief the gadget, the networks and the person; regardless that we are able to usually now not see who or what that’s. Identification has turn into an important weak spot that hackers are exploiting. However with the elevated concentrate on identification, there’s additionally a chance for organisations to strike a greater steadiness between endpoint security, innovation and an employee’s authentication experience.
We’ve already seen a huge rise in identity theft, with credentials for sale and thousands and passwords used to maliciously attack companies, but the next decade will see an evolution of identity security, with secure but user-friendly identity strategies on the horizon. From making use of new technologies, including those embedded in today’s smartphones, to eliminating the dreaded password altogether, we can expect the next ten years to transform the way identity impacts the corporate and hacker worlds in several key ways:
1. Credential theft becomes credential hijacking
We continue to see the same security trend echoed year after year – compromised credentials are the number one attack vector for malicious actors; the market for stolen corporate credentials has become a booming business for cyber criminals over the past decade. Looking ahead, however, we can expect hackers to begin to shift their attacks from simply using stolen credentials that are available on the dark web, to infiltrating password recovery mechanisms in order to harvest and then reset user credentials themselves. In other words, attackers will successfully take over user identities and re-establish them with new usernames and passwords, thereby gaining access to critical assets at organisations.
As the attack surface shifts from away from simply attempting logins with stolen credentials, the stakes will become much higher and will require a new security approach focused on employee monitoring to prove a user is who they say they are – even if they’ve logged in seemingly legitimately.
2. ‘Passwordless’ authentication is on the horizon, but we need to prepare for the consequences
As organisations continue to look for ways to protect users while making security as seamless and invisible as possible, we’ll see a huge increase in those adopting ‘passwordless’ security innovations. But while it’s becoming quite common to leverage face or fingerprint ID, today most passwordless authentication is still rooted and reliant on password management and usernames for account enrollment and recovery. Because of this, they are really “less passwords” rather than truly “passwordless”. As the journey towards true passwordless authentication continues, organisations will also need to think about the varying user needs across their organizations considering the dynamics at play. For example, as with any IT change, there’s likely to be an initial and evolving burden on help-desk support; users who are not required to use a password day-to-day are almost certain to forget and disregard credentials at a higher rate, thereby requiring more support than they did before.
3. Authentication will need a personal touch
As we move towards the passwordless world, organisations are today facing a plethora of choice when it comes to their authentication strategies. With constant innovation and evolution in technology, there are now many more ways than ever users can verify who they say they are and access resources; from push notifications, to behaviours, to one-time passwords, biometrics, hardware tokens and more. This can make it difficult for organisations to choose the appropriate authentication strategy. One thing is for sure: there won’t be a one-size-fits-all solution for the varying identity and access management needs across different organisations with dynamic workforces. What we can expect to see is organisations making much more personalised decisions on authentication, so they can strike their own balance between security and user experience.
4. Get ready for the rise of the machines
It’s not just employees that will present new identity challenges in the next decade – we’ll continue to interact with devices in new ways. It’s only a matter of time until smart home devices like Alexa, Siri, Google Home, smart lightbulbs and access devices like smart door locks will begin to transition from purely consumer devices to being leveraged in business and corporate settings. As these automation technologies aid us with more and more complex tasks, the need for these devices to understand who can command them and who they are acting on the behalf of will become much more critical. So, as we use tech-enabled personal assistance for more critical parts of our lives and businesses, it certainly will matter who ‘Siri’ and other devices take orders from.
Welcome to 2020!
As the next decade brings new technology, opportunities and challenges, identity will take front-and-centre priority in the cybersecurity conversation. With attackers developing smarter ways to compromise credentials and as automated devices become more widespread in our corporate worlds, identity will become both a key battleground and an opportunity. The blurring lines between corporate and consumer technology means any identity strategy needs to be both secure and convenient. Success will be all about striking the right balance.