Global leader in identity and data security, Entrust, shares thoughts on the state of the cyber security landscape as we move into 2024.
It’s the year of reckoning for the identity crisis: The decentralised identity movement goes mainstream in the age of AI
“AI spending in the Asia-Pacific region is projected to reach $78 billion by 2027 – with this rapid development and adoption of AI, we have seen bad actors find new ways to exploit the technology and use it to create more sophisticated phishing attacks and deepfakes at scale. Generative AI can craft highly convincing phishing messages that mimic the writing style of a trusted contact, making it increasingly difficult to spot these malicious communications. Their top targets? Consumer identities.
Identity is the thread that ties the world together, making it a high-value target for cybercriminals. This will reach a fever pitch in 2024 as the entire nature of identity is being disrupted as a result of AI, making it increasingly difficult to know who to trust and how to identify who (or what) you’re interacting with. Gartner predicted that, by 2024, over 80% of organisations will face modern privacy and data protection requirements. To overcome these challenges head on, many countries in the Asia Pacific region are pushing for increased privacy and data protection laws, initiating stricter regulations to protect consumer identities. We predict more organisations will adopt a decentralised approach to identity and turn to increased levels of verification, including knowledge-based, document, biometric and device authentication to further validate users.
The bottom line: It’s time to give individuals full ownership of their identities. With decentralised identity, all the information used to build an identity is encrypted and protected with digital keys that can be used to confirm an individual’s identity without exposure. Businesses don’t store those – the individual does. The core elements of a decentralised identity framework include an identity wallet, blockchain ledger, decentralised identifier and zero-knowledge proofs. Decentralised identity is overdue to go mainstream, and in 2024, we must all work towards a world with more privacy and less fraud. There is no reason why consumers should continue compromising on privacy, trading their identity for access, and taking the security risk that comes with surrendering their personal information in order to get the products, services or information they want.” – James Cook, Director of Digital Security, Asia Pacific & Japan at Entrust
Inclusion and access in digital identity become table stakes
“As the lines between our physical and digital lives continue to blur, our world is increasingly moving towards a future where digital identity is foundational to social and economic mobility – which presents significant regulatory, ethical and practical implementation questions. Many of us take for granted having an ID – without realising what it means not to.
In Australia, more than 10.5 million people have a digital ID to access government services, allowing them to verify their identity in a secure manner when accessing services. As we continue to increase access to digital services, there is an even greater need for secure and convenient identity verification, online or in-person. This is increasingly important as 72% of APAC organisations have fallen victim to identity-based attacks in 2022.
In the next year, we will see these changes drive an urgent call to action as identity technology becomes more integrated and secure in our everyday lives. This could mean improving access to mobile smartphones, ensuring apps use basic language instead of technical, offering setup assistance at major travel points, etc. In 2024, progress must be made to make digital identity truly inclusive and accessible to all.” – Angus McDougall. Regional Vice President, Asia Pacific & Japan at Entrust
CISOs need to prepare for increased government involvement in 2024
“There is no doubt that the use of AI is here to stay. As we see AI integrate more into our daily lives, the Australian government has developed a voluntary framework of AI principles to help ensure that AI is safe, secure and reliable.
Australia already has several pieces of legislation regulating AI usage in specific settings or circumstances. However, the regulatory environment for AI is patchwork, and regulatory gaps likely exist. The Australian government is looking at ways to develop safe and responsible AI practices and while it I s not looking to urgently regulate AI, CISOs must prepare for this increasing trend of regulation, as more countries around the world promote more responsible use of AI. Although the nation is taking a more wait-and-see approach, businesses should consider each new initiative a call to action to improve not only their own cybersecurity strategies, but also to consider the impact of new technologies, like AI, on their organisation and their customers.
An uptick in government guidance will help create a blueprint for businesses to navigate rising challenges and security threats. But understanding and complying with the anticipated patchwork of regulations and regional legislation may pose a challenge for businesses, especially those operating across borders. CISOs and leaders in the region will need trusted advisors, sound support, and secure solutions to successfully and safely forge ahead.” – James Cook, Director of Digital Security, Asia Pacific & Japan at Entrust