Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Domestic Cyber Terrorism, AI Poisoning and Identity's Important Role in the Post-pandemic World
By Ben Goodman, CISSP and SVP at ForgeRock
After the year we've had, it seems like nothing is off the table
for 2021. As the dust settles from the election, we transition to a new
administration and we enter the second year of the COVID-19 pandemic, it is
important to look at how major societal events will impact the next year.
Enterprises must be prepared for the security threats that will emerge in 2021
due to 2020's political climate and new technologies that weren't available
before. Also, many organizations are looking to identity technology to play a
key role in the shift back to "normal" after the pandemic subsides.
Below are four key trends we can expect to see in 2021 for
cybersecurity and how identity and access management will evolve after the
pandemic.
1) Domestic cyber terrorism on the rise in 2021.
While we've seen an increase in international cyber terrorism in
recent years, the outcome of the 2020 election may lead to domestic cyber
terrorism attacks as an emerging threat. Due to the volatile political climate
from the election, plus the spread of false information, it could be the
perfect storm for domestic cyber warfare between hacking groups. While we've
seen for-profit cyberattacks from foreign actors, security teams should be
wary of cyber terrorism from domestic groups as well.
Hacker groups like Anonymous have gained a great deal of notoriety over the last decade, linked
to numerous high-profile incidents including Internet attacks on governments,
major corporations, financial institutions and religious groups. This year, a
right-wing conspiracy-theory group known as QAnon has
grown in popularity and spread from fringe message boards to mainstream
platforms and has become a growing political issue. With
Reddit and its subreddit message boards, and with white supremacy groups using the internet to
spread their influence, extreme political groups can use the Dark Web and may
attempt to instigate cyber warfare in reaction to the 2020 election
results.
2) Identity will be a key technology for helping people return to work in 2021.
Digital identity technology will be a critical component for
managing health checks, vaccine distribution and information related to virus
exposure and citizens' requirement to quarantine. Medical professionals,
employers and employees must have transparent, but private ways of sharing this
kind of data to help enable the return to work in person.
For instance, businesses may require health checks or proof of
vaccination when people enter an office building or other crowded space.
Identity will be key in managing this health history information and keeping
everyone safe while preserving individuals' privacy. The COVID-19 Credentials Initiative, which already exists, is a working group
that aims to help deploy privacy-preserving verifiable credential projects in
order to mitigate the spread of COVID-19 and strengthen our societies and
economies. Their goal is to use Verifiable Credentials, which are issued assertions
containing a set of claims about an individual or organization, similar to a
physical credential like the cards in one's wallet. The unique value of
Verifiable Credentials is that they are digitally native and cryptographically
secure, making them a great privacy-preserving alternative to other types of
credentials if used responsibly.
3) Now that AI is more widely used, bad actors will try to "poison" the data.
In 2021, we will see an increased number of "data poisoning" attacks occurring as more organizations are deploying AI
platforms across their systems. In previous years, malicious hackers had
already discovered that they can attack AI and machine learning software by
feeding the AI illegitimate data to cause it to produce negative and/or
inaccurate results. This will become a more prominent issue in 2021 and the
following years. Bad actors can feed the AI software an image with another
image inside it that makes the AI do the opposite of what it is supposed to do,
which poisons the AI algorithm.
For example, when AI is used for detecting fraud, fraudsters can submit
bad data that makes the software unable to detect the fraudulent activity. Many
security platforms use AI and machine learning data to detect cyberattacks by
identifying anomalies in existing data, so this is a considerable threat that
could potentially throw off their detection methods. In 2021, it may be
necessary to use separate AI to do integrity and security checks on data
collected by the initial AI software.
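The integrity check suggested above, sketched as an added example that is not from the original article: incoming records are screened against a vetted baseline before they are allowed into retraining. A simple median/MAD screen stands in for the "separate AI", and the amounts, the toy mean-plus-three-sigma detector and all function names are constructed assumptions.

```python
import statistics

# Constructed sample data: transaction amounts from a vetted history.
TRUSTED = [20, 25, 30, 22, 28, 35, 24, 26, 31, 27, 23, 29]
# Constructed incoming batch: ordinary records mixed with inflated ones
# that would stretch what the detector treats as "normal".
INCOMING = [26, 24, 900, 30, 950, 1000, 28, 980]
SUSPECT_AMOUNT = 600  # constructed transaction scored after retraining


def threshold(samples, k=3.0):
    """Cut-off of the toy detector: mean + k * population stdev."""
    return statistics.mean(samples) + k * statistics.pstdev(samples)


def screen_batch(trusted, batch, limit=3.5):
    """Return (accepted, quarantined) using the modified z-score,
    with median and MAD taken from trusted data only."""
    med = statistics.median(trusted)
    mad = statistics.median([abs(x - med) for x in trusted])
    accepted, quarantined = [], []
    for x in batch:
        if mad == 0:
            score = 0.0 if x == med else float("inf")
        else:
            score = 0.6745 * abs(x - med) / mad
        (quarantined if score > limit else accepted).append(x)
    return accepted, quarantined


def is_flagged(amount, training_set):
    """True when the detector trained on training_set flags the amount."""
    return amount > threshold(training_set)


def compare():
    """Detector verdict on SUSPECT_AMOUNT with and without screening."""
    accepted, quarantined = screen_batch(TRUSTED, INCOMING)
    return {
        "unscreened_flags_suspect": is_flagged(SUSPECT_AMOUNT, TRUSTED + INCOMING),
        "screened_flags_suspect": is_flagged(SUSPECT_AMOUNT, TRUSTED + accepted),
        "quarantined": quarantined,
    }


if __name__ == "__main__":
    print(compare())
```

Quarantined records should go to review rather than being silently dropped, since a burst of them is itself a signal worth alerting on.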
4) 2021 will be the year of ambient identification methods as organizations shift to "zero login"
Now that passwordless
technology, such as biometrics, is widely used, we will see a shift toward a
"zero login" process which doesn't require any friction for the user unless
there is an issue with the initial authentication. This means that there will
be no credentials to remember and multifactor authentication (MFA) will be
silent on the back end. Zero login will be more secure than using a password,
username or MFA because it can use factors, such as device enrollment and
device reputation, fingerprints, keyboard typing patterns, the way the
phone/device is held, etc., to verify identity in the background while the user
has a frictionless experience.
For zero login to be successful, all these identity verification
factors must be measured and combined in a transparent way, so consumers don't
feel like their privacy is being compromised. Organizations should also have
the option to introduce authentication steps into the process if they prefer to
introduce more friction for bigger or riskier actions, similar
to how Amazon doesn't allow customers to use "buy in one-click" for purchases
over a certain amount. Rather than only authenticating at the "front door" with
passwords or MFA, extra security steps will be added right at the point of
potential fraud during the transaction to create a better digital experience
for users. Essentially, zero login enables smarter authentication that adjusts
as necessary for a more seamless login experience across an individual's
devices.
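An added sketch of the step-up logic described above, not code from the article or from any ForgeRock product: background signals are combined into one confidence score, and the score an action requires rises with its value. The signal names, weights, tiers and the deny floor are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical weights for the background signals the article lists.
WEIGHTS = {"device_enrolled": 0.35, "device_reputation": 0.25,
           "typing_match": 0.20, "handling_match": 0.20}
DENY_BELOW = 0.30  # assumed floor: too little evidence to continue at all


@dataclass
class Signals:
    """Each field is a 0.0-1.0 confidence, or None if it was not collected."""
    device_enrolled: Optional[float] = None
    device_reputation: Optional[float] = None
    typing_match: Optional[float] = None
    handling_match: Optional[float] = None


def confidence(s: Signals) -> float:
    """Weighted sum; a missing signal adds nothing, so gaps never help."""
    total = 0.0
    for name, weight in WEIGHTS.items():
        value = getattr(s, name)
        if value is not None:
            total += weight * min(max(value, 0.0), 1.0)
    return round(total, 4)


def required_confidence(amount: float) -> float:
    """Higher-value actions demand more confidence (assumed tiers)."""
    if amount < 50:
        return 0.50
    if amount < 500:
        return 0.70
    return 0.90


def decide(s: Signals, amount: float) -> str:
    """Return 'allow' (silent), 'step_up' (explicit MFA prompt) or 'deny'."""
    score = confidence(s)
    if score < DENY_BELOW:
        return "deny"
    if score >= required_confidence(amount):
        return "allow"
    return "step_up"


if __name__ == "__main__":
    partial = Signals(1.0, 0.9, None, 0.8)  # typing pattern unavailable
    for amount in (30, 200, 1200):
        print(amount, decide(partial, amount))
```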
## About the Author
Ben is responsible for corporate development, global strategic
partnership and technology ecosystem efforts. A member of the CEO staff, Ben
drives and evangelizes ForgeRock's innovation agenda and product direction.
Prior to ForgeRock, Ben led Technology Evangelism for VMware's End-User
Computing business unit, where he was engaged in the product roadmaps and
acquisitions that led to the creation of VMware Workspace One. Before that, he
worked at Novell where he was instrumental in the creation and growth of their
Identity Management platform.