Why digital identity is the ultimate battleground in cybersecurity

security
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)

We’ve been living with widely-available generative AI tools for nearly two years now, so the time is right to ask the question – what effect is it having on the public’s understanding of their own digital identities, and how safe their identities are online? The answer, unfortunately, shows there’s a lot more work to do to improve our security online in the age of AI. In some recent research Okta commissioned, an overwhelming 93% of consumers across Europe are worried about digital identity theft, and over half (54%) of consumers have heightened their awareness of their digital footprint over the past year. This increased vigilance is driven by the surge in cyberattacks and the rise of AI, which both present new challenges and amplify existing vulnerabilities in the online environment.

Given that it is the entrance to any experience in a digital-first world, focusing on digital identity must be a priority. It serves as the foundational layer of security and access control. With 80% of cybersecurity attacks stemming from credential abuse, identity-based attacks have become a top method for bad actors, exploiting weaknesses in authentication processes. In response, business leaders must rapidly adopt rigorous security strategies and foster a security-conscious work culture, especially in the era of AI.

Stephen McDermid

Chief Security Officer for EMEA at Okta.

Growing adoption of cyber hygiene practices

Over half (52%) of UK consumers know someone who has had their personal details hacked. Clearly, there is already a concern about cybercrime and a willingness to improve cyber hygiene. For instance, 43% of people in the UK report using different passwords for every online account, a practice that significantly enhances security by ensuring that a breach of one account does not compromise others. In contrast, only 11% use the same password for everything, indicating a growing recognition of the risks associated with password reuse. The shift towards more secure online behaviors reflects a broader understanding of the importance of protecting personal information in an increasingly digital world.

While it’s heartening that consumers have a basic understanding of cyber hygiene, the results show that this simply isn’t enough. Users need help managing their passwords – which we should ultimately be moving beyond anyway - and fear still remains around the implications of AI and the potential security threat that it poses.

AI’s dual role in cybersecurity

The boom in AI has introduced a whole new dimension to Europe and the UK concerns around digital identity. On the one hand, AI enhances cybersecurity by detecting and mitigating threats faster than traditional methods. However, it also presents new risks by enabling more sophisticated cyberattacks, such as AI-generated phishing schemes. The negative implications of the technology appear to be where most UJ consumers are focusing their attention with over half of consumers (54%) across the UK thinking that AI has made the online environment less safe, this rises to two thirds (66%) amongst 18-24 year olds. Furthermore, AI increases the likelihood of digital identity attacks.

The UK public is well-aware of the risks that AI poses, it’s vital that regulation is therefore put in place to mitigate these risks and ensure that we can realize the potential benefits of the technology in a safe and secure way.

Workplace accounts – the forgotten threat

The average consumer has 100 accounts to their name, ranging from social media to online shopping to subscription services. There’s a huge range, but they’re not all equal in terms of risk. Unsurprisingly, financial service and online banking accounts are top of consumers’ worries because it’s where their money is. In fact, 60% identify it as their primary concern, but are they missing a trick?

In some recent cyberattacks such as the NHS hacks and MailChimp data breach in 2022, workplace accounts were the main vector that attackers used for cracking into an organization's system. Despite this, workplace accounts are considered primary targets by only 2% of UK consumers. Organizations must take note of these attitudes. If the workforce doesn’t think that these digital identities are a target for cybercriminals, then businesses must make sure that those accounts are more secure as their workers simply aren’t paying enough attention.

Balancing convenience and security

Clearly there is a concern around cybersecurity and a willingness to become more resilient as shown by the 71% of European consumers that are actively planning to improve their digital identity strategies for enhanced security. Whilst 45% consider protecting their online identity as a personal responsibility, businesses must also do more to protect their identity ecosystems – as shown by the limited consideration for workplace accounts. The approach must be collaborative as agreed with by the 26% of consumers that believe protecting online identity should be a shared responsibility. For this to work effectively we need individuals to take proactive measures, governments to enforce regulations, and businesses to implement robust security measures to ensure a safer online environment for everyone.

One key change should be to make passwords a thing of the past. Not only are they less secure but they also create an added layer of friction for users with 65% of respondents to Okta’s Customer Identity Trends Report 2023 feeling overwhelmed with the number of usernames and passwords they have to manage . Fortunately, there are passwordless options that offer both stronger authentication and more convenience for consumers. For example, enabling users to authenticate with biometrics reduces friction during authentication and increases security since the flow is generally not “phishable”.

With growing cybersecurity concerns in Europe and across the UK, business leaders must rapidly adopt rigorous security strategies and foster a security-conscious work culture, especially in the era of AI, where advanced technologies can both enhance and threaten security measures. This involves implementing multi-factor authentication, passwordless technology, continuous monitoring and regular updates to security protocols while promoting cybersecurity awareness among employees. By integrating these practices into overall business strategy, organizations and governments can protect sensitive information, maintain trust and ensure resilience in an increasingly digital world.

We've featured the best identity theft protection.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://anngonsaigon.site/news/submit-your-story-to-techradar-pro

Stephen McDermid is Chief Security Officer for EMEA at Okta.