2020 was a year of accelerated digital transformation with Covid-10 related lockdowns pushing pre-existing trends into overdrive. We saw more quantum leaps in cloud adoption, remote work, and digital transformation in a single year than we saw in a decade.
Naturally, this shakeup has caused a near-perfect storm in the world of cybersecurity. Threat actors have, by extension, expanded their hunting grounds from fortified network perimeters and into the unprotected home networks and unsecured private devices that are now increasingly used to access the organization’s assets and resources.
While challenges in front of us are varied, the common thread of the most pressing cybersecurity challenges is that the most urgent, painful, and noticeable hurdles can be traced back to identity management and authentication.
Remote and hybrid workforce
One trend that is not going anywhere as we enter into 2021 is our reliance on technology for supporting a remote workforce. The number of employees working remotely is predicted to eventually settle in at 300% of pre-pandemic levels at the minimum.
As more and more people require secured access to an organization’s resources, it becomes increasingly clear that current authentication methods are deficient both on security and the employee experience fronts. With that many people working remotely long-term, organizations must rethink remote-work security.
One problem with current authentication methods is that they are reliant on login/password combinations. Passwords are fundamentally insecure for many reasons – endemic password reuse, credential dumps and credential stuffing, and poor password hygiene, among others.
Passwordless authentication improves security by removing the most vulnerable part of the equation – the humans. When security no longer hinges on passwords, we have essentially removed the cause behind 80% of data breaches. Weak login/password combinations, credential dumps, and endemic password reuse that contribute to the sprawling risk of compromise are no longer a problem.
At the same time, passwordless authentication improves employee experience and ensures that employees have access to all resources and applications they need without the requirement to memorize their credentials.
The TCO is reduced by streamlining employee experience due to the significantly reduced cost of support that is usually dedicated to resetting and maintaining passwords.
Cloud threats and zero-trust principle
Today, there is less of a distinction between cloud and local protection, as both increasingly deploy zero-trust methodology for granting access to corporate resources.
This is a stark departure from perimeter-based protection schemes. The perimeter security approach was falling out of favor even before COVID-19, as the focus on perimeter protection meant that hackers that manage to get past corporate firewalls could move laterally through internal systems without much resistance.
The zero-trust approach opts for “better safe than sorry” approach and requires verification for anything and everything before granting access. Zero-trust no longer assumes that actors, systems, or services operating from within the security perimeter should be automatically trusted.
Naturally, this approach is much more fitting to the distributed workforce era.
Today, the perimeter itself is no longer clearly defined. Organizations are managing a hodge-podge of applications and data stores are both on-premises and in the cloud, with users accessing them from multiple devices and locations.
Zero trust methodologies benefit from passwordless as it removes a frustrating requirement to constantly log into the services. Passwordless authentication methods can verify the user by confirming that the device they use to access is registered with the authentication system – typically a mobile device, encouraging trusted user access no matter where the user is connecting from.
AI provides efficiency and effectiveness for good and bad actors alike. Faster network speeds, combined with sprawling use of intelligent devices, will inevitably result in the growing sophistication of automated attacks.
Cybercriminals increasingly turn to AI and ML technologies to create malware that teaches itself to search for vulnerabilities and automatically evolves by finding payloads that would be most successful without exposing itself.
Likewise, faster network speeds, such as 5G networks, benefit both sides. When the speed of communication between devices is much greater, bot attacks can become ever more sophisticated. Swarm attacks involving intelligent bots that can learn from each other as the attack occurs are going to be a more common occurrence going forward.
As with anything else in cybersecurity, when it comes to protecting organizations against malicious use of AI – preparedness is key. This includes having proper security architectures and segmentation to reduce a company’s attack surface, as well as sophisticated authentication systems that deploy the zero-trust principle.
Focus on privacy and regulation
There has never been more awareness of data protection and privacy at both the regulatory and the consumer level. 2020 has been a record year for data breaches, privacy-related lawsuits, government enforcement proceedings, as well as large settlements of new and older claims.
There has never been a higher demand for cybersecurity-related legal representation, and legal teams specializing in cyber are in a hiring surge amid new privacy regulations and surging cyberattacks.
Privacy and regulation are no longer at the back of the mind and come front and center to the list of CISOs’ list of responsibilities.
Organizations are as focused as ever on the protection of digital identities and success mechanisms, as regulatory frameworks become better defined. Passwordless authentication comes to the forefront. It allows organizations to ensure that whoever gets access to their resources is indeed who they say they are, not simply someone who got access to the login/password combination.
Amplifying existing resources
The lack of skilled cybersecurity personnel combined with tight security budgets is another challenge that CISOs must contend with going into 2021.
Hiring and training personnel is the last area you would want to be cutting the budgets. So we must look at other areas where we can save resources without compromising on the quality of service.
Passwordless authentication ticks all the boxes. It results in overall lower TCO due to significantly reduced management complexity, the need for helpdesk support, and improved uptime and employee productivity.
Passwordless authentication is the hero 2021 needs
Even though we are about to step into the new year, the world remains firmly in the grip of the virus. We can expect the continuation of these trends going forward, with remote workers and cloud services increasingly targeted by cybercriminals.
Cybersecurity challenges we are facing are varied, but they all can be tied into a single fundamental concept- authentication. Defining who gets access to what resources, when, and where is the very foundation of cybersecurity. Passwordless authentication removes the weakest link from the authentication process – human beings.
By removing the dependency on login/password combinations that can be lost, reused, stolen, or forgotten, organizations can improve security, lower the overall TCO, and improve employee experience at the same time.
Why password policies are a waste of time and money