3. Password-only authentication cannot be the only tool.
In the US, the Equifax and Anthem data breaches were alarming for many consumers. The conversation changed when consumers started asking questions about the safety of their online accounts.
The reality is that most consumers have little or no idea about password alternatives or enhancements like multi-factor authentication (MFA) or risk-based authentication. What is certain, however, is that consumers are aware that passwords alone are no longer sufficient.
This paradigm shift is important, because companies often rely on a lack of consumer demand for stronger authentication as the basis for not offering such security.
But as technology evolves, we are seeing these concerns eased by consumer-friendly risk-based authentication tools becoming more widely available, more easily integrated and more affordable.
4. Expect an increase in state-sponsored attacks, and look out for how these attacks have changed.
A handful of countries make up the core of this nefarious group. In recent years they have attempted to extort, steal, spy and disrupt by various means, and sanctions and international pressure have had little to no deterrent or positive effect.
In 2018 we will continue to witness a significant increase in the scale and impact of these attacks, but equally worrying is the change in modus operandi. Rather than just disrupting, they are now also looking to gain economically, whether through the theft of digital currency or by influencing foreign and domestic policies.
5. In a digital world looking to build trust, 2018 will see a rise in the “zero trust” security protocol.
The sheer scale and aggregation of cyber-attacks are leading the international business community to seriously consider implementing zero trust security models.
Loosely translated, zero trust means an IT team adopts a mind-set of ‘we don’t trust anybody’; trust can be established only by explicitly allowing vetted and sanctioned users to access systems.
As with air travel post 9/11, this approach will result in more rigorous authentication protocols, requiring users to verify their identities with multiple layers of credentials. Enterprise systems will vigorously authenticate whether users are indeed entitled to access specific sets of data before making them available. As a knock-on effect of zero trust, expect more companies to mandate security audits of their partners, suppliers, and service providers.