Dan Yerushalmi is the CEO of AU10TIX, a global technology leader in identity verification and management.
Cybersecurity and identity verification are headed where they always should have been. It’s impossible to consider one without the other. And this intersection is likely one of the most pivotal shifts we’ll see. It impacts the way we think about and deliver online transactions.
But reaping the rewards of a more closely integrated cybersecurity and identity verification (IDV) ecosystem relies on more than technical intervention. It will require a change in perspective. Many tech stacks have married cybersecurity with identity verification to some extent, but not all integrations are perfect, and more prove vulnerable and clunky.
Some rely on older mechanisms, like text-based passwords. Others involve lengthy processes to meet important regulatory requirements, processes that cause friction in the user experience.
This change will need to address how we think about integrating both disciplines into a robust digital security strategy and what that looks like for end users. Today, less is more—fewer clicks of a mouse and fewer taps on a smartphone screen.
Security is also a major concern. AI-based threats are relentless, and because there’s such a low barrier of access to AI tools, we’re all in the line of fire. Last year, we caught a mega-attack orchestrated on the payments sector. Over 22,000 AI-generated IDs were fabricated using just a single U.S. passport template. And these kinds of attacks don’t take on a single form. Bad actors have evolved the way they work. Attacks can be both instant or slow and measured to avoid attention.
Tech That’s Driving The Blend
There are several forms of technology making this cybersecurity and IDV convergence possible. At the forefront, biometrics has presented the world with a more straightforward way to prove that people are who they say they are, dealing a significant blow to deepfakes. Liveness checks ensure that ID holders are present during authentication, so it’s harder for hackers to beat the system.
AI and ML have also stepped up in a big way. Sophisticated neural networks help instantly screen identities on the go, too. They’re also capable of picking up distinct threat behaviors that could easily be considered anomalous and, therefore, “safe.”
Encryption has always been a critical component for secure transactions, and the blockchain lends decentralized public key infrastructure (PKI) to the cause. It offers a tamper-proof and trusted means of asymmetric verification. This all equates to stronger safeguards for digital ID holders and more peace of mind for all stakeholders.
Challenges And What We Need To Do
It’s no surprise that the issue of data privacy and ethics would make it into this conversation. These are and have become some of the most pressing matters around creating safer online spaces.
Because of AI’s emergence and rapid evolution, we’ve got to become smarter about how we regulate digital ecosystems. Several of today’s policies address different areas of online transacting. Many impose rules and steep fines for failure to comply, but much of what they offer is hard to interpret.
The way data is collected, who it’s shared with and how that data is protected when it’s shared are sensitive subjects. We’ve got to become more transparent about these issues because they all affect us.
As users, we should know exactly how our data will be stored, used and shared. Consent must also become a permanent feature in the way we collect information. Users should be able to choose what they want to share and remove their data if they choose without hassle.
A Glimpse Into The Future
I see the development of stronger integrations quickening in a short period of time because threats and hackers’ ingenuity will only ramp up. DevOps will lead the way, implementing solid foundations for better protection.
This will prove digital IDs invaluable, especially as they are fortified by blockchain technology. Integrations will be viewed more holistically, no longer prioritizing perimeter defense of identity verification because one cannot happen without the other, where user access is required.
But this can only happen if we move away from a siloed approach to digital security strategy. Cybersecurity and IDV must move in lock-step. Industry regulations will also need to mature, becoming clearer and better enforced. This will require lawmakers and industry participants to meet at the table, share transparently and set the foundations for more robust governance and a solid consortium-based approach to tackling identity-related threats.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
This post was created with our nice and easy submission form. Create your post!
