Trust Wanes, Mitigation Reigns and a Mind-Set Change in 2018

Mega data breaches during 2017 have thrust the issue of digital identity center stage. The past 12 months have brought significant financial and reputational damage, for corporate and consumer. Yet every cloud has a silver cybersecurity lining, and the (mis)happenings of 2017 have illuminated poor practice and bad habits, and should serve as a call to action to individuals and businesses across every sector. 

From monitoring to mitigation, reactive to proactive 
Anti-virus, network protection, firewalls – businesses have rightly been investing resources on cyber-monitoring tools. However, they have not been dedicating as much time, attention, money and skills to addressing the threats arising from an increasingly complex security landscape. Focusing on monitoring is akin to protecting your home with CCTV cameras – these cameras don’t stop burglars from forcing their way into your home, they simply tell you when the burglars are there.

As businesses are forced to keep virtual burglars away from precious customer data, organizations will look to more effective and proactive mitigation techniques – including the use of multi-factor authentication and credentials – to prove that the only people accessing systems, networks and data are those with the authorization and rights to do so.

Beyond Bitcoin: Blockchain for digital identity
The value of Bitcoin has increased by almost 600% over the past year, so it’s no wonder cryptocurrency’s underlying framework, blockchain, is set for great things. Its potential is huge: information held on this quasi-database is shared across the chain, is transparent and cannot be corrupted. This creates the perfect structure for financial transactions, but in 2018 we’ll also see blockchain as a tool for securing and verifying digital identities.

Personal data is of course already held by a huge number of private companies and public bodies, but this data – these digital identities – are unlikely to be identical. Different methods of data input, outdated information and insecure servers exacerbate this issue, allowing digital identities to be incorrectly replicated, intentionally corrupted or stolen.

Creating a digital identity on blockchain, on the other hand, means that people wouldn’t have to prove their identity at every required virtual point, and instead this information would exist in a secure, shared ledger. This approach would also hand more control to individuals of their own personal data and identity – something which should be a given! Individuals could verify that they are who they say are, divulging only minimal information to the third party requiring access.

We will also see the growth of blockchain enabled smart contracts for business transactions. These contracts will require the designated ‘actors’ in the transaction to robustly authenticate themselves into the blockchain. This will drive the need for trusted digital credentials for use within permissioned-based blockchains – smart contracts need to be anchored to people who are can be trusted.

We won’t see any revolutionary uses of blockchain for digital identity in 2018, but we will see experimental steps in this direction. Voter registration, logins for online banking, accessing official records and utilizing public health services: real-life, wide scale implementation may be a while off, but the socio-economic benefits it could deliver are huge.

Consumer trust wanes as security breaches pervade headlines   
Equifax stole the limelight in September 2017 as one of the biggest and most far-reaching data breaches we’ve seen over the past few years. The credit reporting company dropped the ball not once, but numerous times, in a security debacle that epitomizes the severe lack of security awareness from major organizations.

Equifax isn’t the only culprit, and this has led to growing public scepticism and contempt of the firms we entrust with our data. Society is becoming more digitally-savvy and the value of Big Data – to the commercial entities rather than the individuals themselves – is becoming more clear. As such, as we move into 2018 we’ll see greater public scrutiny of the traditional ‘guardians’ of our virtual data.

Reluctance to part with personal information, demands to know where and how any information is stored, growing interest in the right to be forgotten, and higher penalties for careless data protection – bolstered by GDPR – will result in a shift in mind-set next year. Digital identity, our right to ownership and the need for greater security, will be propelled to the fore.

What’s Hot on Infosecurity Magazine?