Wednesday 2 January 2019

Cyber Security Predictions for 2019

A guest article authored by Jim Ducharme, Vice President of Engineering and Product Management at RSA

1. Prepare for IOT, the “Identity of Things”
From personal assistants, to wearables, smartphones, tablets and more, there is no shortage of connected devices. The explosion of IOT has finally reached a tipping point where the conversation of identity will start to take on a whole new meaning. The billions of new digital identities being created don’t come without risk – including new privacy and cybersecurity vulnerabilities. With businesses and consumers all in on IOT, how do we protect and securely manage the “identity” of the things? 

2. Biometrics vs. the Four-Digit Pin
Biometrics are under a lot of pressure these days to be the silver bullet of authentication. So how could a simple 4-digit pin, which has at most 10,000 possible combinations, give biometrics like FaceID with a 1 in 50 million entropy a run for its money? The industry will come to realize when 4-digit pins are combined with AI and machine learning, the four-digit pin, similar to what has been used for decades to protect access to our bank accounts, can provide a very high level of security. The ultimate goal for identity and access management is not to find the unbreakable or “unhackable” code for authentication, but rather, to layer security to create a much stronger identity assurance posture. AI and machine learning will be a game changer, allowing for intelligence-driven authentication that will open up additional options of security layers for organizations.  

3. Death of the Password?
We have long seen predictions that passwords are in their final days. But it’s time to come to grips that passwords will be here for a long time. But perhaps there is still hope that while we may be living with passwords for generations to come, they may be a lot less scary than the monster we have created. It’s time to reverse the trend of how complex passwords have become (MyKitsH8Me!) and how hard they are to manage (having to change them every 60 days) in an attempt to improve password strength. We can uncomplicate the password and unburden it from having the ultimate responsibility of security. A much more simple password coupled with additional layers of risk-based authentication, especially those factors invisible to the user like behavioral, location and device context, and even transparent biometrics can help businesses better secure access to critical resources.

4. A New Generation of Risk-based Authentication
With a seemingly endless stream of high-profile data breaches and malicious cyberattacks, the need to ramp up security and manage identities is evident. 2019 will see the beginning of a new generation of risk-based authentication, powered by machine learning and user behavior analytics. Organizations will start to uncover their own unique context and identity insights to gain a more comprehensive view of user identities including locations, behavior patterns, frequency of use and more. This new generation of risk-based authentication will allow organizations to reduce the friction on end users when accessing applications and information while strengthening the assurance that the user is who they claim to be.

Jim Ducharme, Vice President of Engineering and Product Management at RSA

No comments: