Businesses must be aware of current cybersecurity trends to lessen cyber-attack risks and keep corporate information safe. October is also known as Cybersecurity Awareness Month, which emphasizes the need for organizations to assess their cybersecurity practices and take note of different cybersecurity trends.
When evaluating Identity, Access Management, and Authentication strategies, enterprises must be aware of human vulnerabilities. Even Big Tech companies are vulnerable to data breaches. The main reason for this is human error, wherein employees or vendors become victims of social engineering attacks.
One example is Uber, which faced a data breach because of a smishing scheme and multi-factor authentication (MFA) social engineering attack. The hacker was able to convince an employee to give information, disclosing their password and giving bad actors access to the company’s systems, including Uber’s Duo, AWS, and Google Workspace.
Research suggests that a robust FIDO2 passwordless authentication is the appropriate action to avoid these cyber attacks. Human-driven security vulnerabilities also require human factor authentication, such as biometrics.
Another cybersecurity theme this year is the shift away from knowledge-based authentication, such as passwords. The big tech company, Apple, announced at its Worldwide Developer Conference this year that it will be launching passwordless logins across its products. This was dubbed as a significant shift to password elimination. Other tech companies like Microsoft and Google have also pledged to take passwordless initiatives and lauded FIDO2 authentication standards that enable passkey technology.
However, passkeys also need to catch up in some ways. Some of its issues include tech ecosystem lock-in, challenges in password recovery, and user experience issues with websites that have not implemented FIDO2. Additionally, passkeys from major tech companies are not enterprise-grade solutions. Businesses need a more robust level of identity assurance and authentication management solutions.
Ethical Considerations in Biometrics
Although biometrics is becoming more prominent today, there are recent ethical discussions regarding its use. In 2022, biometric ethics and privacy became the subject of debate as Clearview AI and Onfido faced legal and political trouble due to their approaches to using biometric data.
As these companies’ actions catch the attention of policymakers and lawmakers, it could lead to better policies in the deployment and ethical use of biometrics. This will help protect customers and their data instead of exploiting them. Significant foundations of ethical biometrics include explicit informed consent, biometrics that are free of bias based on physical appearances, and an opt-in rather than an opt-out model for using biometrics.
Zero Trust Expands
Even though Zero Trust has been a topic of discussion for quite a while, escalating supply chain and ransomware attacks and the ubiquity of remote workers have brought Zero Trust back into focus. In 2022, the White House released an Executive Order which declared that the government would pursue a Zero Trust strategy. Following this development, numerous industries have also started to adopt Zero Trust strategies, such as financial services, healthcare, and education.
For more information about the different cybersecurity themes to keep in mind for Cybersecurity Awareness Month, visit authID through their official website at https://authid.ai.