Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Say Farewell to Passwords and Codes
By Jordan Blake, VP of Products at BehavioSec
A "new normal" took hold in 2020. As we work in 2021 to contain the virus that changed everything this past year, will we be able to return to a way of life we once took for granted - or find our daily routines and digital lives forever changed?
I believe we'll see both. Yes - we'll be able to resume most familiar activities that were placed on hold. But some advantageous, pandemic-driven developments will remain part of a lasting business and societal dynamic - including working from home (WFH) and improvements to device, network, application, and system security.
My (3) Top 2021 Predictions:
1. Hackers will increasingly target and succeed at compromising WFH environments, forcing security teams to respond.
In the COVID-19 era, over 37% of Americans are already working from home. While this benefits public health within their communities, it also opens more ransomware and data breach opportunities for hackers due to an expanded and highly vulnerable cyber ecosystem. In fact, 90% of technology leaders say they've seen a rise in attacks resulting from WFH policies, with 3 of 10 noting incidents increasing by at least 25%. Further, 4 out of 5 indicate that attacks are becoming more sophisticated. Given this, security teams will need to examine their tools and methods to assess what's needed to safeguard employees - especially since, for 84% of companies, their workforce will only go more remote, and on a permanent basis.
2. In response to breach, Multi-factor Authentication (MFA) systems will finally evolve beyond basic knowledge/possession-based secrets.
Why? Because, in the case of these early implementations of MFA, there are too many issues with telephone networks to continue to trust that a phone number uniquely and reliably identifies an individual, and hasn't been compromised. To cite just one high-profile example, Microsoft's Director of Identity Security, Alex Weinert, recently wrote that it's time to "hang up" on short message service (SMS) and voice MFA controls. He notes how publicly switched telephone networks (PSTNs) are easily compromised by cyber criminals using phishing, social media, account takeover and device theft exploits.
Weinert instead advocates a transition to "passwordless" authentication. I anticipate that many companies will begin to heed this call in 2021, leaving behind passwords, tokens, PINs and additional possession/knowledge-based authentication tools as a pre-COVID model - and working to adopt newer approaches to MFA such as behavioral biometrics. Through behavioral biometrics, security teams unobtrusively authenticate users by tracking how they physically interact with services and devices, e.g. how they type on a keyboard or swipe on a smartphone. These unique, behavioral profiles of employees are used for authentication, while blocking activity of those who do not match the known behavior of the human behind the digital identity.
In addition to improved security, behavioral biometrics solutions allow employees to avoid tedious, friction-creating steps which negatively affect their productivity and engagement. They aren't even aware that they're going through an authentication process because they don't need to "do anything" to access the internet, apps, docs, etc. - they simply use their devices as always while doing their jobs.
3. In their rapid responses to threat, organizations will then face increased scrutiny on data privacy compliance.
Nearly two dozen organizations have already paid "major" (at least €100,000) fines in 2020 for General Data Protection Regulation (GDPR) privacy violations. And in May, the European Data Protection Board (EDPB) banned "cookie walls," which require visitors to accept cookies to allow access to a website's content. Given these trends, we're likely to see more legislation and precedent-setting cases globally as consumers demand transparency about the way businesses collect and store their personal information - all of which will benefit worldwide governance, compliance and security.
At the risk of stating the obvious, while we don't want this "new normal" to last, it has also driven difficult, but necessary, adjustments that serve the greater good. The pandemic has offered "lessons learned and best practices" for both our physical and digital health to unlock meaningful, enduring change. By eliminating dependence upon old and annoying possession/knowledge-based authentication controls and committing to compliance with personal data protection, we'll ensure that businesses, consumers, and employees will be able to shop, work and otherwise live in a more secure digital world as we emerge from a year many of us look forward to putting behind us.
##
About the Author
Jordan Blake is the VP of Products at BehavioSec, driving the vision, growth, quality of solutions, and client satisfaction with them.
His 20-year career in product management, cybersecurity, and cybersafety has spanned work with global industry leaders like IBM and Symantec. Most recently as Director of Product Management at Symantec, he led product efforts to integrate LifeLock after its $2.3 billion acquisition. He previously led the early product management function at FireEye (FEYE), leading to a multibillion-dollar IPO.
Jordan holds a B.S. from the University of Waterloo, Canada and currently resides in the San Francisco Bay Area.