As malicious bot activity and attacks against APIs increase, MFA will become a mandate and the CISO will play a bigger role, predicts Andre Durand, CEO and founder of Ping Identity.
The dramatic increase in ransomware and other cyber attacks over the past year has finally reached the point where cybersecurity needs to be taken more seriously. Amidst initiatives from the US government and other parties, there is growing global awareness of the need to focus on security to combat attacks that threaten critical sectors of society. How can this renewed focus on security begin in 2022? Andre Durand, CEO and founder of Ping Identity, offers his own view with nine cybersecurity predictions for the new year.
Cyber security will become an ESG issue
ESG (Environmental, Social and Governance) is a method used by investors and others to evaluate businesses based on socially conscious standards. According to Durand, with more investment in the security needed to protect society, cybersecurity will become the fourth ESG responsibility for corporations.
“The digital economy has been really important over the years, but the pandemic has moved large parts of our economy to the digital world,” Durand says. “We must have appropriate digital identity safeguards in place, or we will have anarchy and fraud going on online, which is greatly hindering our economic prosperity. Governments need to step up and enhance digital security laws and enforcement to the same extent that physical laws and security are regulated today.”
MFA will become a global mandate
Durand says that to better secure logins and protect sensitive data, multi-factor authentication (MFA) will be needed, not only in the US but around the world. As just one of many steps needed to improve security, MFA needs to start in key sectors such as government, healthcare, utilities, banking and education. But consumers will also begin to demand measures such as MFA to keep their information secure and will increasingly abandon businesses that fail to take security seriously.
Bad bot tsunami
According to Durand, malicious bots that disguise themselves as humans are a threat to customer-facing systems. These types of automated attacks can lead to credential stuffing, account takeover and account fraud. Sneaker bots can buy up the limited stock of a hot product and then resell it at inflated prices.
Traditional security solutions no longer cut it when combating bots, as scammers have learned to thwart them. Instead, artificial intelligence and machine learning are needed to better differentiate bots from humans. And such tools are already here, Durand says. The technology seeks out bots by analyzing factors such as how fast the user types, how the user navigates a website or app, and how hard the user presses on the touchscreen.
The focus will be on zero trust authorization
The focus will move rapidly from authentication to authorization, as seen with zero trust, to ensure that only the right people have access to the right data.
“While it has been going this way for many years, corporate network perimeters became a thing of the past during COVID, making zero trust authorization more important than ever,” Durand says. “While mandating zero trust for government entities, we will start seeing private enterprises do some cyber security measures to do business together.”
Rise of the digital wallet
People will increasingly store verified data about themselves on their phones, Durand says. As just one example, their real identity will be stored as a government-issued ID in a digital wallet provided by Apple and Google. But other types of identity data will be shared with the user for better privacy and control.
There are advantages and disadvantages to digital wallets and IDs. On the plus side, they can ensure user identity in business or financial transactions, reduce fraud and identity theft, and reduce costs and overhead for organizations that typically create physical methods of authentication. On the minus side, a person could be at risk if their mobile device is lost or stolen, a device with a drained battery is of little use when attempting to present a digital ID, and any digital verification that requires connectivity will fail if there is no cellular or Wi-Fi available.
Attacks on zombie and shadow APIs
Shadow or zombie APIs pose a security risk, as they are generally hidden, unknown and unprotected by traditional security measures. According to Durand, over 90% of attacks in 2022 will be focused on APIs. And for organizations without the right kinds of API controls and security practices, these shadow APIs will become the weak link.
Convergence of IT and OT
Information technology and operational (physical) technology will collide as IT teams take responsibility for the security of physical devices. This trend will require interoperability between IT and OT, leading to a convergence of technology to determine who can physically enter a building and who can access key applications. As such, organizations will need to have universal security requirements for all vendors that are part of the process.
Identity Focus Turns to User Experience
Amidst security changes, user experience still needs to be considered and prioritized. Customers don’t really care about the technical process going on behind the scenes, says Durand. Instead, they want a seamless digital experience so that they can easily access their accounts and make purchases. Consumer-facing companies that do not provide a seamless user experience will lose customers to companies that do.
Rise of the CISO
According to Durand, as corporate boards are increasingly focused on cyber security, more people will report directly to the CISO and report to the CISO board. More boards will also set up a dedicated cybersecurity committee by 2025, as Gartner forecasts.
“CISOs can clearly define real risks to the business and offer solutions to reduce or completely remove business risks that may cause monetary or brand reputation issues,” Durand says. “The CISO’s office helps to educate employees and keep them aware of security risks to the business and itself. Keeping the CISO at the right level within the company allows high and critical security risks to be addressed in a timely manner.”