In this article we take a look at, and keep you updated on, some of the biggest security news in today’s digital identity space.
By Tim Spring
Keyfactor recently looked at key insights from the Gartner Hype Cycle for digital identity in 2022 and broke down what they meant. One interesting point they make is that while most people think of digital identity in terms of how people identify themselves online, the proliferation of IoT devices in recent years means that machine identity is outpacing human identity. With machine identity incorporating digital devices of all kinds, APIs, applications and containers, Gartner notes that the ratio of machine identities to humans is now 10:1. The result? A growing concern that many security teams are struggling to keep up. As bad actors adapt to the increase in targets, Security Boulevard reports that “attacks grew 400% from 2017 to 2021, and in 2020, 50% of cloud security failures resulted from inadequate management of machine identities and permissions.” You can find the full Gartner Hype Cycle report here.
In our ever-expanding virtual world, this article serves as an excellent reminder to be selective about whom you share your data with and whom you allow access to. Eric Tran-Le, Vice President and head of Actimize Premier at NICE Actimize, writing on behalf of the Credit Union National Association, provides a deep dive into what synthetic identity fraud is. Synthetic identity fraud is when someone cobbles together a new identity from whatever authentic information they can find and falsifies the rest. Tran-Le explains that this type of fraud is so difficult to catch because “Financial institutions [are] struggling with the lack of a single source of truth for identity verification, siloed identity verification data sources, and inaccurate identity data across data sources.” Being able to trust who they are talking to on the customer side is critical for financial institutions, and Tran-Le touches on a few ideas for how to reduce risk before the article ends. We would adjust that list slightly in order to add the option for verifiable credential solutions, which Indicio has delivered for several financial institutions and which are the backbone of our recently launched Proven actionable credential suite: Indicio’s open source answer for any organization needing a trusted, verifiable, and complete data solution.
IBM recently published their Cost of a Data Breach Report for 2022, and some of the numbers are staggering: from the global average total cost of a data breach being USD 4.35 million to it taking, on average, 277 days to identify and contain a data breach, the numbers signal the high cost of cyber insecurity.
A few of the statistics we found interesting – and terrifying:
- 83% of companies that suffered a data breach admit it’s not their first one
- “organizations that don’t deploy zero trust incur an average of USD 1 million in greater breach costs compared to those that do deploy”
- “The most common initial attack vector in 2022 was stolen or compromised credentials, responsible for 19% of breaches in the study”
A quick reminder that decentralized verifiable credentials facilitate the continuous verification required by Zero Trust approaches.
Ansgar Steden, the Chief Revenue Officer for Utimaco, provides a unique look into the security of healthcare and the trust the public have in that security in this article for Open Access Government. Due to the COVID-19 pandemic there was a significant rise in virtual healthcare, with the UK’s National Health Service (NHS) app “being downloaded over 16 million times.” Now, the NHS is looking into using technology to improve the healthcare available virtually. Some of the ideas include: access to high-definition remote operations, connecting ambulances so that patients in critical condition can be seen more immediately, and devices for real-time monitoring of patients’ vitals. While these are all things that would be helpful to doctors and patients, the volume of sensitive information needing to be shared presents a massive security risk. Indeed, hospitals and healthcare organizations are already the sector paying the most for data breaches according to IBM’s Data Breach Report. The article calls out the need for increased trust before these new features will see widespread adoption, saying, “Devices need to ‘know and trust’ each other and so digital identity becomes paramount.”
Again, the best solution is decentralized verifiable credentials that provide privacy-preserving features. There’s an entire open-source codebase developed by Indicio and SITA that can be deployed for these kinds of use cases at the Cardea Project at Linux Foundation Public Health.