By 2025, the total global cost of cybercrime is expected to reach US$15tr, the approximate GDP of China and the United Kingdom combined. The hours spent navigating ransomware, hefty asset recovery costs, and operational stagnation can mean financial and reputational ruin for organisations across industries. For some, high-impact digital breaches have eroded consumer trust in the business, leading to an exodus of customers toward industry competitors.
These rising costs track with the failure of legacy identity authentication solutions to keep pace with increasingly sophisticated cybercriminals. By 2023, Gartner predicts that 80% of organisations will fail to meet security, privacy, usability and scale requirements – unless senior leaders properly tend to their business’s identity and access management needs. In short, as legacy IT security tools lag, and as enterprises fail to deploy newer alternatives, fraud is becoming substantially more sophisticated and expensive. And in the realm of corporate reputation, regaining customer and employee trust after exposure is virtually impossible.
Here’s the hard truth: Often, hackers succeed due to individual and enterprise behaviours that leave users vulnerable to exposure. Despite the prevalence of phishing, smishing, password spraying, and other common cyber infiltration techniques, consumers and organisations continue to engage in risky password behaviour. Using “password” or “12345” as your password will unfortunately no longer suffice. Likewise, many organisations have jeopardised employee and customer data – and their own digital assets – by relying on outdated identity authentication solutions to keep them safe. Two identity authentication mainstays, one-time SMS pin codes (OTPs) and knowledge-based authentication (KBA), can no longer outsmart digital bad actors. The former can be rerouted, and even the most novice hacker can easily surface the answer to “What’s your mother’s maiden name?”
Failed to prepare, prepared to fail
The consequences of insufficient IT security infrastructure can be crippling. A few successful cyber breaches stand out on this front. In early 2020, hackers infiltrated the file server of American software company SolarWinds, embedding malicious code into its “Orion” software product. The malware then infected thousands of enterprises, as well as the U.S. Treasury Department and other federal agencies, via compromised updates that the company unknowingly released. The alleged source vulnerability? In 2017, a SolarWinds intern unknowingly exposed the password for an internal server account, “solarwinds123”, to the public. The hack was, according to Microsoft President Brad Smith, the “largest and most sophisticated attack the world has ever seen,” and SolarWinds customers will spend an estimated $100 billion in recovery costs. And it likely started with weak password security.
And just a few months ago, hackers affiliated with the ransomware gang DarkSide infiltrated the network of the Colonial Pipeline Company, one of the largest oil and gas companies in the United States and the operator of a vital artery in the energy infrastructure of the Southeast. DarkSide temporarily halted operations until a ransom was paid in cryptocurrency, triggering an energy and supply chain crisis throughout the region that required federal intervention.
Out with the old, in with the new
Next-generation identity authentication technology likely would have prevented these breaches, but hope is not lost for those who have not changed their security strategy. There is growing interest among fintech and banking decision-makers in revisiting their digital security infrastructure, and these leaders have recognised that modernising their IT security is now a business imperative. They are voicing their concerns about legacy solutions and their critical need for alternatives. authID.ai’s 2021 Fintech Security Report, which polled fintech and banking leaders, found that 84% of respondents expect to increase investment in IT security, including identity authentication, in the next year. Of course, that growing investment bodes well for consumer privacy and organisational data security, but legacy solutions like passwords and one-time pin codes have proven themselves ineffective guardians against cybercrime.
Fortunately, decision-makers recognise that those legacy tools are overdue for replacement: 75% of executives surveyed harbour concern about the risks associated with legacy identity protection options like OTPs and KBA. While respondents’ familiarity with facial biometric identity authentication is high (88%), only 22% currently use this technology. So, despite misgivings about the older solutions they have had to rely on, many have not yet made the leap to the new and the next in IT security. Perhaps most crucially, though, 70% are also somewhat or highly likely to consider facial biometric identity authentication, the cloud-based mapping of one’s facial topography, as an alternative during the next year. Eliminating the need for passwords, facial biometrics is poised to shake up the enterprise security industry and meet the needs of organisations searching for more secure digital infrastructure.
Change starts now
Looking into 2022, cyber threats are a growing cause for concern for leaders, and they are listening to calls for change. They recognise that identity security has grown from a nice-to-have to a critical business need, and they are curious about alternatives. Fortunately, a range of new identity solutions have been put to market to obviate the need for additional authentication hardware or applications, and global interest in cloud-native identity management products has nurtured a more digital-first IT security industry overall.
As tech companies strive to meet critical security needs in the new year, the message is loud and clear: Cyber threats, and the investments in security required to overcome them, are top of mind, yet solutions cannot compromise ease-of-use and efficiency. Facial biometrics has already proven to be the worthy rival that can prevent hackers from wreaking havoc, and the market is making its excitement known. The future of cybersecurity is already here, and it’s password-less.
***
About the Author: Tom Thimot is the CEO of authID.ai, a provider of secure, mobile, biometric identity verification software products through an easy-to-integrate Identity as a Service (IDaaS) platform. authID.ai’s suite of self-service biometric identity proofing and authentication solutions aims to frictionlessly eliminate all usernames and passwords through a consent-based facial matching system. Powered by sophisticated biometric and artificial intelligence technologies, authID.ai aims to strengthen security and trust between businesses and their customers by helping to protect sensitive personal data.