The pandemic has not only significantly accelerated digital transformation in all industries; it has also established digital services as one of the foundational pillars of the transformation of economies worldwide. For example, payments are becoming increasingly cashless, ubiquitous, instantaneous, and invisible. This global shift is here to stay, and as our behaviors adapt, cybercriminals and fraudsters continue to innovate. As we continue to live our lives remotely, the ability to distinguish between genuine and fraudulent interactions has never been more important. Digital identities, how we create them, and how we protect them are at the epicenter of this change.
Attackers are not breaking in – they log in
Although businesses in all sectors are actively adopting security controls like identity and access management to protect their data and resources, technology is evolving at such a fast pace that humans cannot keep up. Many wrongly say that “people are the weakest link” in the security chain, but how can one blame an employee for being tricked by sophisticated social engineering attacks just because they are working remotely?
It is not only technology that is evolving. Cybercriminals have become so creative that they find countermeasures to almost every solution that enterprises deploy. And they always go after the weakest link in a corporate security posture – weak passwords, lack of security awareness, lack of digital skills. The examples are numerous, and they span all industries. Uri Rivner offered some insights from the UK banking sector, where criminals have bypassed strong customer authentication policies by launching what are known as authorized push payment scams (APP scams), resulting in even greater losses from financial fraud and scams.
Security analytics and customer experience are essential
Although multifactor authentication is crucial for preventing a great percentage of attacks, it is not enough – not in today’s rapidly changing threat landscape. Enterprises need to evolve their identity and access management policy towards a modernized authentication solution. As Uri and I agreed, we need to leverage multiple data layers that allow us to tell legitimate behavior apart from malicious behavior.
Not only do we need to examine contextual data like location and device, but we also need to consider behavioral insights, looking at micro-behaviors such as hesitation, distraction, and rest. With all these data layers, we can then leverage machine learning to aggregate them into a coherent analysis that indicates abnormal behaviors.
Besides enabling artificial intelligence and machine learning to enhance our security posture, it is equally important to consider customer experience. For example, the best authentication tools today rely on mobile applications. What happens if a portion of your employees cannot use their mobile phones, or are reluctant to have their employer install an app on their personal mobile? This gap is a gate big enough for attackers to exploit.
Enterprises need to invest in deploying security solutions that protect data, reduce fraud and scams, and provide a great experience. While there is no single silver bullet that can address all these security challenges, investing in tangible and intangible security measures armed with as many data points as possible can greatly improve the safety of digital identities. It is also important to go back to the basics since these are the foundations of every security solution.
If you want to find out what insights Uri Rivner and I shared, listen to the full Thales Security Sessions Episode, Digital Identities and Digital Security - Is the Future of Digital Identity Safe?