INSUBCONTINENT EXCLUSIVE:
As we enter a new decade, it’s interesting to see how far we’ve come over the past 10 years in terms of access and identity management
When the 2010s began, only 38 per cent of data breaches used stolen credentials; by 2017, this figure was 81 per cent
As the pace of digitization has increased, identity and access assurance has become a critical issue and the single most important control
for managing digital risk. From an eBay database being stolen using employee credentials in 2014, to passwords from high profile breaches
of companies including Google, Yahoo and Hotmail all ending up for sale on the Dark Web; identity has been at the heart of some of the major
security incidents in the past decade. About the authorJim Ducharme, VP of Identity and Fraud - Risk Intelligence Products at RSA
Security.As we have become more reliant on digital interactions that rely on identities, new and unprecedented security challenges have been
We need to be able to trust the device, the networks and the user; even though we can often no longer see who or what that is
Identity has become a crucial weakness that hackers are exploiting
But with the increased focus on identity, there’s also an opportunity for organisations to strike a better balance between endpoint
security, innovation and an employee’s authentication experience. We’ve already seen a huge rise in identity theft, with credentials
for sale and thousands and passwords used to maliciously attack companies, but the next decade will see an evolution of identity security,
with secure but user-friendly identity strategies on the horizon
From making use of new technologies, including those embedded in today’s smartphones, to eliminating the dreaded password altogether, we
can expect the next ten years to transform the way identity impacts the corporate and hacker worlds in several key ways:1
Credential theft becomes credential hijackingWe continue to see the same security trend echoed year after year – compromised credentials
are the number one attack vector for malicious actors; the market for stolen corporate credentials has become a booming business for cyber
criminals over the past decade
Looking ahead, however, we can expect hackers to begin to shift their attacks from simply using stolen credentials that are available on the
dark web, to infiltrating password recovery mechanisms in order to harvest and then reset user credentials themselves
In other words, attackers will successfully take over user identities and re-establish them with new usernames and passwords, thereby
gaining access to critical assets at organisations. As the attack surface shifts from away from simply attempting logins with stolen
credentials, the stakes will become much higher and will require a new security approach focused on employee monitoring to prove a user is
who they say they are – even if they’ve logged in seemingly legitimately.2
‘Passwordless’ authentication is on the horizon, but we need to prepare for the consequencesAs organisations continue to look for ways
to protect users while making security as seamless and invisible as possible, we’ll see a huge increase in those adopting
‘passwordless’ security innovations
But while it’s becoming quite common to leverage face or fingerprint ID, today most passwordless authentication is still rooted and
reliant on password management and usernames for account enrollment and recovery
Because of this, they are really “less passwords” rather than truly “passwordless”
As the journey towards true passwordless authentication continues, organisations will also need to think about the varying user needs
across their organizations considering the dynamics at play
For example, as with any IT change, there’s likely to be an initial and evolving burden on help-desk support; users who are not required
to use a password day-to-day are almost certain to forget and disregard credentials at a higher rate, thereby requiring more support than
Authentication will need a personal touchAs we move towards the passwordless world, organisations are today facing a plethora of choice when
it comes to their authentication strategies
With constant innovation and evolution in technology, there are now many more ways than ever users can verify who they say they are and
access resources; from push notifications, to behaviours, to one-time passwords, biometrics, hardware tokens and more
This can make it difficult for organisations to choose the appropriate authentication strategy
One thing is for sure: there won’t be a one-size-fits-all solution for the varying identity and access management needs across different
organisations with dynamic workforces
What we can expect to see is organisations making much more personalised decisions on authentication, so they can strike their own balance
between security and user experience.4
Get ready for the rise of the machinesIt’s not just employees that will present new identity challenges in the next decade – we’ll
continue to interact with devices in new ways
It’s only a matter of time until smart home devices like Alexa, Siri, Google Home, smart lightbulbs and access devices like smart door
locks will begin to transition from purely consumer devices to being leveraged in business and corporate settings
As these automation technologies aid us with more and more complex tasks, the need for these devices to understand who can command them and
who they are acting on the behalf of will become much more critical
So, as we use tech-enabled personal assistance for more critical parts of our lives and businesses, it certainly will matter who ‘Siri’
and other devices take orders from.Welcome to 2020!As the next decade brings new technology, opportunities and challenges, identity will
take front-and-centre priority in the cybersecurity conversation
With attackers developing smarter ways to compromise credentials and as automated devices become more widespread in our corporate worlds,
identity will become both a key battleground and an opportunity
The blurring lines between corporate and consumer technology means any identity strategy needs to be both secure and convenient
Success will be all about striking the right balance.
