In a year of economic instability and global unease, cyberattacks only became more rampant. From widespread impersonation fraud to heightened SMS phishing in Singapore, Malaysia, Thailand, and Hong Kong, attacks have become more frequent and threatening throughout the digital landscape in 2022 – illustrating companies’ authentication weaknesses across all industries.
With the start of this new year, it’s the perfect moment to reflect on what we have learned about cybersecurity in access and identity management and plan ahead for authentication trends that are likely to emerge in 2023 and beyond.
MFA varies in quality, and SMS OTPs simply aren’t enough to provide reliable security
During the past year, hacker toolkits have proliferated on the dark web, making it inexpensive and simple to bypass two-factor authentication via SMS. This growth coincides with both an upsurge in consumer use and a rise in attacks. As a result of this newfound vulnerability, it is predicted that by 2023 SMS one-time passwords (OTPs) will be viewed as inadequate for strong authentication purposes.
In the end, it boils down to one major difference – phishable and non-phishable credentials. A one-time password is visible to the user and can be shared with others, which means it may be phished and then used to take control of accounts. SMS-based MFA may have been a convenient way to meet compliance requirements, but the practice has to change now: regulatory updates are on the horizon in the upcoming year, and they could shift the outlook on security measures.
Additionally, Bank Negara Malaysia’s recent announcement to transition away from SMS OTPs has prompted other organisations to move in the same direction and adopt more secure authentication methods, such as biometrics, cloud IAM solutions, facial recognition or cryptographically sound possession-based multi-factor authentication, for improved fraud protection.
Ramping up the adoption of passwordless authentication in the banking sector
KPMG’s recent report ranked Australia sixth in the global fintech rankings. The region is experiencing immense growth in digital banking, with 82% of consumers opting for tap-and-go payments. However, this success has also attracted cybercriminals, who have launched sophisticated attacks against financial services companies. To ensure continued success and security within the digital payment space, it is essential that industries take proactive steps to strengthen their cybersecurity posture.
With cyber threats ever-evolving, financial institutions and regulators are doing their best to stay ahead of the game. To protect customers from fraudsters, I am confident more companies will revise their cybersecurity strategies by introducing multi-factor passwordless authentication, which both strengthens the system and creates an effortless user experience.
ID verification is quickly becoming the norm in today’s world
The dialogue around Twitter Blue sparked interest in identity authentication, creating a newfound awareness of our identities on social media. Nonetheless, as more and more essential services transition online in 2023 – from banking to government-related activities – the demand for secure solutions that can authenticate user identities remotely is intensifying.
The emergence of identity services raises questions regarding usability, security and interoperability. For users to have a consistent experience while feeling secure that their data is being handled properly, it is critical to leverage existing standards such as FIDO along with emerging business models like delegated authentication. By relying on trusted providers for verifying certain user information (e.g., date of birth and country of residence), there would be no need for handing over massive amounts of sensitive personal details to third parties.
In light of our ever-evolving world, resilience is being tested more than ever. As digitalisation continues to redefine industries and businesses in 2023, cyber threats will emerge alongside it. User authentication stands as the first line of defence against these potential risks – meaning organisations must conduct regular assessments of their authentication technologies with an eye for these four key trends.