
Forum Questions Future of Digital Identity, Path Forward

Panelists at a recent policy forum said passkeys with detection-enabled biometrics make for a more secure online future, but accessibility and digital equity concerns must be addressed.

January 29, 2024

 

 

With data breaches that compromise personal info soaring — 2023 was a record year in the U.S., one report found — new methods of verifying identities are almost certainly on their way.


These will avoid reliance on passwords, Social Security numbers or other knowledge-based methods, thus helping defuse the danger of stolen personally identifying information, said several panelists during a recent policy forum co-hosted by the Identity Theft Resource Center (ITRC).

“The era of reliable identity verification based solely on knowledge and personal information is over,” said forum speaker Caitlin Clarke, senior director for cybersecurity at the White House’s National Security Council.

Finding reliable and secure ways to verify identities online is an issue of increasing importance for state government. It touches many areas of modern state government work, from stopping unemployment insurance fraud to keeping children from accessing adults-only content online. A growing number of states are also exploring whether digital, mobile drivers' licenses (mDLs) can bolster privacy.

This all makes new methods of verification vital. One is multifactor authentication, which is more secure than passwords alone, said FIDO Alliance Executive Director Andrew Shikiar, but he argued that passkeys are more secure yet, and strong enough to stand alone as a factor. Passkeys synced across devices via the cloud can also provide a smoother user experience, because people don’t have to re-enroll each separate device in the authentication method, and may bypass problems such as a user physically losing devices.

Individuals use passkeys to approve the login attempt on their devices by entering the same PIN or biometric they use to unlock that device, per the FIDO Alliance. Speakers also homed in on the potential benefits of biometric authentication and identification.

ITRC Chief Operating Officer James Lee advocated facial comparison-based user verification, which he emphasized was different from facial recognition. According to the ITRC, the key difference is that facial comparison compares a person’s selfie or live image against the photo of them on their ID, whereas facial recognition compares a face to those in a database of many faces.

But biometric checks must be handled carefully.

For one, checks must include liveness detection, otherwise the system can be tricked, said Stephanie Schuckers, director of Clarkson University’s Center for Identification Technology Research. That means using sensors, accelerometers or challenge-and-response interactions to confirm it’s a real person, not a photo, video or deepfake.

Accessibility is a key concern, too. Not everyone has a smartphone or other device suited to capturing biometrics, Lee said.

Some cautioned against using biometrics as a primary solution, noting organizations must plan against something going wrong and collect only as much data as absolutely necessary. Otherwise the details they store could become a honeypot for hackers.

Schuckers said using approaches like the FIDO protocol enables biometric information to remain on users’ devices, avoiding organizations storing that information themselves.

Organizations can use still more methods too. The Social Security Administration (SSA)’s electronic Consent-Based Social Security Number Verification System is one example. It lets individuals permit a bank to contact the SSA to verify that identity details match those on file, said Jeremy Grant, coordinator for the Better Identity Coalition.

That model could be applied more widely, beyond just the financial sector. Grant’s Better Identity Coalition released a new report detailing policy recommendations and assessing government’s efforts thus far. The report praised federal promotion of multifactor authentication, but said the U.S. needs to do more to develop systems for digitally proofing identities across all sectors.

The report also urged the White House to create a task force of state, local and federal agencies focused on closing gaps between physical and digital credentials. The coalition urged federal agencies to ramp up efforts to create standards and guidance that could help states debut “remote identity proofing applications” for digital credentials like mDLs, as well as provide states with grant funding. Grant also praised mDL programs, while advocating increased focus on using them to support online verifications.

The Better Identity Coalition’s report also cautioned that efforts to promote digital identity must not overlook the challenges of people who struggle to get core, physical ID documents.

Ben Roberts is director of Foundry United Methodist Church’s Social Justice Ministries, which runs an ID Ministry program helping community members get identification documents. Roberts said during the panel that people who are homeless often have their documents destroyed or stolen. And replacing documents can be difficult due to the fees, transportation and long wait times.

Still, plenty of trust-building may need to happen before residents are comfortable with government retaining and vouching for their ID data.

 

[Source: Government Technology, Jan. 29, 2024, Jule Pattison-Gordon]

Key Strategies for Enterprise Cybersecurity in 2024

As data theft becomes a more public activity, businesses will need to be more transparent in their messaging. This will require businesses to admit their mistakes and to provide details to mitigate the issues.

 

By Nisha Sharma, January 4, 2024

 

 

As data breaches, threats, and frauds have become smarter, more intense, and more impactful than before, businesses will require tougher cybersecurity solutions for better chances at diminishing their impact.


According to Cybersecurity Ventures’s report



The attacks could be:

  • Data breach
  • Theft of intellectual property
  • Theft of personal and financial data
  • Fraud
  • Recovery and removal of hacked data and systems

Any of these cyber-attacks could do untold damage to the organization, so it is important for leaders to take suitable precautions to ensure minimal impact. With proactive monitoring and cyber safety tools, businesses could save billions in terms of financial and business losses every year.

 

So, what should be the focus for businesses to implement effective cybersecurity strategies in 2024?

Below are some ways enterprises can secure their businesses in 2024:

Strategy 1: Zero-trust Security Policies

Zero-trust security strategy will be a must-have approach in 2024 because:

  • Data breaches could cripple the brand:

A zero-trust model will ensure the business can control the damage even before a breach occurs. It can initiate immediate restrictions to access points, network entries, servers, and system logins. The model can also limit the exposure of sensitive data by keeping firewalls updated all the time.

  • Network security:

Due to the increased use of hybrid work models, network security risks have increased over the last three years. With remote connections on the enterprise network, the perimeter may become weak and open to hacking. So, enterprises now need to deploy tools to support secure remote access at scale.

Unlike perimeter-based security, zero trust allows enterprises to securely and selectively connect users to applications, data, services, and systems on the cloud.

Zero Trust Security focuses on securing individual devices and users ahead of network security. Companies implementing zero trust security can:

  1. Protect sensitive data
  2. Conduct compliance auditing
  3. Detect risks faster
  4. Gain visibility into network traffic
  5. Control access in cloud environments

  • Continuous verification:

  1. Zero Trust security strategy will help in continuous verification of users’ identity, device security, and types of data access points.
  2. Enterprises can update their end-to-end encryption anytime to protect IPs, keep devices secure and authentic, and detect malicious activities.
  3. Identity management will further improve data behavior analysis to identify potential threats and mitigate them.

Strategy 2: Multi-factor Authentication (MFA)

Enterprise cybersecurity in 2024 must focus on updating multi-factor authentication parameters at scale.

The process of verifying identities will include a strong password management system, smart cards for verified access permissions, and fingerprint or face scans as biometric solutions.

An updated MFA system should enable the “Notification through mobile app” method and an Authenticator to gain and provide access to key data sources.

Global Password Security Report reveals that


Since mobile apps are becoming ubiquitous, companies need to ensure security of data access through the apps.

Amazon Web Services (AWS) has recently implemented a policy that mandates secure MFA for all accounts in 2024. This move will improve cybersecurity and reduce the risk of account hacking on its cloud. B2B customers signing into the AWS Management Console must use MFA to proceed.

  • Security Updates

To tighten enterprise cybersecurity, businesses must comply with modern data privacy regulations by government data protection authorities. To stay compliant, security teams should update systems and networks regularly.

  • Password-less authentication

In 2024, companies will see more adoption of passkeys and other MFA methods to access business assets.

Passkey adoption, along with biometrics, hardware tokens, and public-key cryptography, will replace the use of passwords.

These security technologies will also help mitigate phishing and social engineering, which target credential theft.

Here’s how it will reduce risk and boost security patches:

  1. Usage of proximity badges, physical tokens, or USB devices (FIDO2-compliant keys)
  2. Usage of tokens or certificates
  3. Use of fingerprint, voice, facial recognition, or retina scanning
  4. Use of mobile phone application for authentication

In its report Passwordless authentication market revenue worldwide from 2021 to 2030, Statista says that

 

Strategy 4: Targeted Ransomware

As cybercriminals employ AI-driven ransomware, its impact is becoming more intense. With the help of AI, threat actors can deploy encryption techniques to penetrate data networks and other digital assets more easily and faster than before.

Here’s how enterprises can defend against ransomware in 2024.

  • Decryption Tools

Decryption tools are important for data recovery. They provide keys to unlock data from specific ransomware attacks.

There are different decryption tools for targeting threats, decrypting them, recovering data, and encrypting data. They help to safeguard sensitive data from exposure.

  • Multi-Layered security

Integrating multiple security layers across the digital assets will help to build a strong security system. These may include:

  1. Security Information and Event Management (SIEM), which analyzes logs for threat detection.
  2. Regular patch management, which updates systems to spot and end vulnerabilities.
  3. Endpoint protection to stop ransomware upon entry.
  4. Network segmentation that secures pathways and isolates attacks.

  • Backups

Backups are a critical activity in ransomware defense and useful for recovering data after an attack. Security teams can take backups effectively by employing the following:

  1. Backup encryption: It protects backup data from unauthorized access.
  2. WORM storage: It ensures backups remain unchanged.
  3. Backup verification: It conducts automated checks to confirm backup reliability.


Strategy 5: Cloud Security

The advanced version of cloud cybersecurity is evolving into predictive and inventive security.

AI-driven security tools will help provide precise reports on the type of threats to expect. These predictive models can alert security teams about upcoming risks and attackers’ moves.

A Wrap up!

In 2024, cybersecurity risks will increase with the continuous digital transformation and technology deployment in enterprises. With emerging new technologies and tools, the threats are also constantly evolving. Interestingly, the same technologies that help fight threats will also aid attackers in creating the biggest risks.

How to use sharp technology is now in the hands of the security teams to ensure their enterprises stay safe and compliant.

TrustKey Co.,Ltd./Address : (06236) 2F, 14, Teheran-ro 22-gil, Gangnam-gu, Seoul, Republic of Korea
Tel : +82-2-556-7878 Sales : sales@trustkey.kr / Technical : support@trustkey.kr / Fax : +82-2-558-7876

Copyright © 2020 TrustKey. All Rights Reserved.