Virtualization Technology News and Information
Acceptto 2021 Predictions: The New Normal Post COVID-19

vmblog 2021 prediction series 

Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.

2021 The New Normal Post COVID-19 Predictions

By Shahrokh Shahidzadeh, CEO at Acceptto

Cybersecurity to Become a Business Initiative

In 2020, our world and cyber security landscape changed dramatically. Cybercriminals attacked the enterprise, computer networks, and systems of individuals, reminding us all that the system is still vulnerable in spite of the new technologies. We seemed to keep hoping that more of the same will protect us. This included large and small enterprises, government agencies, alongside national and global organizations such as those on the frontline fighting COVID-19.

In 2021, cybersecurity will finally become a business initiative for many large enterprises. Forward-thinking enterprise CFOs will become more involved in supporting their CIOs and CISOs as they hunt for the next generation's authentication systems. Authentication will become a must-have in order to protect enterprise assets, customer identities, and reputation. It's in the best interests of the CFO to support the organization's cybersecurity needs, as it directly affects the revenue of the company. This kind of initiative will only continue to pick up speed as the COVID-19 new world order comes into place. Such a new set of enterprise needs will necessitate a whole new standard for cybersecurity requirements and needs. 

Passwordless Continuous Authentication: Zero Trust Meets CARTA

Zero Trust initiatives will continue to be a priority as we roll into 2021. Cyber leaders/trailblazers of major companies will evaluate their current mainstream authentication methods or revisit their plans for implementation in search of more modern technologies than legacy SSO and MFA, which treat authentication as a binary event.

Industry veterans are likely already aware of the harms of relying on binary authentication methods like passwords, 2FA, MFA and even biometrics solutions. More industry leaders will begin or continue their non-binary authentication journey at the core of their Next Generation Authentication (NGA) initiative, benefitting from the investment as the year proceeds. In the last few years, we've seen early adopters employing new state-of-the-art technologies preventing costly data breaches with AI/ML-powered passwordless continuous authentication. In the next 2-5 years, we'll continue to see more security analysts receptive to a paradigm shift we refer to as Biobehavioral® Authentication.

There have been more breaches and theft involving digital identity in 2020 than ever before (2020 Identity Fraud Study). The majority of businesses worldwide have already seen a significant jump in cyber-attacks due to COVID-19 related breaches. The key contributors remain credential theft and misuse at a whopping 80%, followed by malware, misconfiguration, OS vulnerabilities and island-hopping contributing to approximately 15%. This leaves the remaining 5% composed of smaller threats such as SQLi, and other such attacks.

Cyberattacks will only ramp up as methods grow more advanced. These developments have put a spotlight on business resiliency and disaster recovery planning. Delayed implementation in armor against threat actors will result in devastating outcomes for many organizations in the weeks, months and years to come. Recognizing the risks, progressive CISOs will need to accelerate measures to deal with post COVID-19 cyber threats, including post-authorization continuous authentication and going passwordless where possible in order to eliminate the lion's share of the data source (see DBIR 2020 report).

Passwords are an outdated legacy authentication solution. It's crucial that we begin eliminating them where possible; the systems at hand are just too vulnerable to be protected by such a flimsy lock. 

Going passwordless resolves more than 80% of data breaches (2020 Verizon Data Breach Investigations Report). Ultimately, all of the real evil occurs post-authorization. In 2020, we saw significant evidence that MFAs can be bypassed, again stressing the need for continuous authentication. Continuous authentication is the next step to maintain security and take care of the remaining 20% of breaches. This means foregoing the idea that authentication is a single event with a start and an end, or a simple "yes" or "no." It is rather a continuum. We predict that 2021 will see increasing recognition of this perspective on cybersecurity.

Early adopters will augment the Zero Trust rhetoric and transition to the Continuous Adaptive Risk and Trust Assessment (CARTA) model we call Passwordless Continuous Authentication™. Trailblazing CISOs will recognize the necessity of this model, searching for not only a context-aware, risk-based authentication solution, but also one that processes post-authorization risks and collects insightful actionable intelligence at runtime; a solution that is ready for the challenges of the coming decade, instead of those from the 1960s-2010s.

AI/ML in Cybersecurity Becomes a Blessing

The years 2015-2020 indicated that artificial intelligence (AI) was front of mind for both the buyer and seller; it seemed to be a part of every software and services solution. Cybersecurity firms are no exception, with many adding AI claims to their promise of upcoming next-generation solutions. The most prominent aspect of AI - especially when paired with machine learning - is its ability to configure itself. This leads to smart security tools that improve over time, as well as adapt to and even anticipate new, unknown situations and threats. Little to no manual setup is required, thereby increasing a company's security level while tremendously cutting costs.

In 2021, the use of AI/ML for predictive analytics and continuous authentication will become an obvious application for improving cyber protection. AI paired with other technologies such as machine learning, expert systems and behavior modeling can result in some of the smartest, most viable risk-based authentication and life cycle management solutions available in the context of identity access management. 

We expect that this development will be observed with a sound amount of skepticism. As with many technologies, this scientific progress has a potential for abuse. 

With the new normal of post-COVID-19 upon us, it is possible that the same methods intended for protection can be used to exploit the vulnerabilities of traditional systems. The unfortunate truth is that the efficacy of controls deteriorates over time; an AI/ML approach is not exempt from this trend, as the weaponization of AI is already a reality in the cyberworld. 2021 will ensure that the only way to keep up with cybercriminals is to pair an AI/ML approach with additional security measures to continually update the controls. 

Recommendations for 2021

A whole range of citizens are now forced to work from home: students, enterprise employees, small and medium businesses, and so on. With this newly homebound population, we must educate ourselves on and emphasize cybersecurity hygiene, for personal and workplace devices alike.

  • Start by securing your assets and socially distancing your data: Socially distancing your data includes frequent, if not automatic, backup of all your important files. Just like the physical world, it's best to minimize your contact and rinse your cyber hands by disposing of stale apps regularly.
  • Audit your login history regularly: Cyber hygiene best practice entails regularly reviewing your history of logins.
  • Use Smart 2FA/MFA: Educate yourself on the best 2FA/MFA techniques available today. Not all 2FA/MFAs are created equal, and in general, we are opposed to any binary authorization such as weak 2FAs and MFAs (including biometrics). SMS and OTPs have some variabilities and vulnerabilities, so your mileage may vary. Regardless, having a 2FA/MFA is always better than not having it.
  • Go Passwordless: Explore opportunities to accelerate transition to nonbinary authentication systems such as passwordless continuous authentication.


About the Author

Shahrokh Shahidzadeh 

Shahrokh Shahidzadeh leads a team of technologists driving a paradigm shift in Cybersecurity through Acceptto's Passwordless Continuous Authentication™. Shahrokh is a seasoned technologist and leader with 30 years of contribution to modern computer architecture, device identity, platform trust elevation, large IoT initiatives and ambient intelligence research with more than 31 issued and pending patents. Prior to Acceptto, Shahrokh was a senior principal technologist contributing to Intel Corporation for 25 years in a variety of leadership positions where he architected and led multiple billion-dollar product initiatives.

Published Tuesday, January 26, 2021 7:21 AM by David Marshall