Authored by: Andrew Shikiar, Chief Marketing Officer and Executive Director of FIDO Alliance
Fewer than half of the companies in Southeast Asia involve cybersecurity functions at the planning stage of a new business initiative, according to the EY Global Information Security Survey (GISS) report. This is of concern as there is an urgent need for businesses to properly guard themselves against alarmingly frequent cyberattacks. Hackers launch a new cyberattack every 39 seconds and these attacks can directly cost businesses millions of dollars, not to mention irreversible damage to their reputation.
There has been accelerated adoption of technology and digitisation of everything across the world as businesses sought ways to run more efficiently and effectively to mitigate the impact of the global pandemic in the last few months. With traditional boundaries disappearing in the current digital landscape, cybercriminals are taking advantage of the situation, capitalising on the anxiety and fear to intensify cyberattacks and phishing activities, as well as targeting the wider attack surface area of more decentralised work environments.
As businesses focus on online engagement and strengthen virtual customer experiences in today’s reality of physical and social distancing, cybersecurity must be at the forefront of their considerations -- starting with user authentication.
Secure communication and collaboration tools
The need for enhanced authentication of online identities is more critical than ever. According to a recent INTERPOL report, cybercriminals are boosting their attacks at an alarming pace, especially during these uncertain times. This is no surprise as businesses have had to quickly shift to a remote workforce without being able to build the proper cyber defences over the last few months. This accelerated digitalisation quickly revealed just how unprepared businesses are and cybercriminals are quick to pounce on the opportunity.
As we increasingly rely on connected devices and live our lives online – doing everything from banking, learning, socialising and of course, working – identifying who is on the other end of the line is of utmost importance.
Remote working and studying arrangements will continue. Chat, email, business communication and collaboration as well as video conferencing tools that have been vital during the pandemic will also need to be secure. User authentication needs to be foolproof to ensure that people connecting to these tools are who they say they are, lest it create a new entry point for cybercriminals to attack.
Authentication across multiple devices
In today’s business environment, employees connect to the corporate network using multiple devices. These can include desktop and laptop computers, mobile phones, tablets and so on. Having more devices simply means more accounts for the employees to handle. However, password reuse is a problem, and organisations do struggle with visibility into their employee password practices. According to a survey conducted by Google, as many as 65 per cent of people reuse the same password for multiple or all accounts. With attacks becoming more sophisticated -- and most successful data breaches the result of weak or compromised passwords -- it is critical to leverage secure authentication methods that do not rely on passwords or other server-side credentials.
Many organisations have already adopted multi-factor authentication (MFA or 2FA), which is definitely a step in the right direction. However, not all MFA is created equal - and SMS-based authentication methods such as OTPs are still prone to attacks and are not suitable to protect valuable assets.
Instead, cryptographically secure authentication that keeps login information secure and private – such as the one that FIDO standards provide – should be the preferred path forward. The FIDO approach leverages public key cryptography where user login credentials and biometric information stay on -- and never leave -- the device.
Such authentication methods help increase the confidence that users requesting access are actually the same person who enrolled in the service. This in turn mitigates authentication risks for service providers as it limits their downstream exposure in the event of a data breach, while also providing a fundamentally better user experience.
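The public-key login described above, as an added example that is not FIDO Alliance code: a simplified Node.js model (not the WebAuthn wire format) in which the server stores only a public key and each login signs a fresh challenge bound to the site's origin. The origins, the user name and the helper names are constructed for illustration.

```javascript
// Simplified model of FIDO-style login; names and origins are illustrative assumptions.
const crypto = require('crypto');

// What gets signed: a hash of the origin the device sees, plus the server's challenge.
const payload = (origin, challenge) =>
  Buffer.concat([crypto.createHash('sha256').update(origin).digest(), challenge]);

// Device side: the private key is generated on the device and never exported.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }), // sent once, at enrolment
    sign: (origin, challenge) => crypto.sign(null, payload(origin, challenge), privateKey),
  };
}

// Server side: holds public keys only, so a database leak exposes nothing that can log in.
function createServer(origin) {
  const users = new Map();   // user name -> public key (PEM)
  const pending = new Map(); // user name -> outstanding challenge
  return {
    users,
    enrol: (name, publicKeyPem) => users.set(name, publicKeyPem),
    challenge: (name) => {
      const c = crypto.randomBytes(32);
      pending.set(name, c);
      return c;
    },
    verify: (name, signature) => {
      const c = pending.get(name);
      pending.delete(name); // single use: a replayed response is rejected
      if (!c || !users.has(name)) return false;
      return crypto.verify(null, payload(origin, c), users.get(name), signature);
    },
  };
}

function demo() {
  const server = createServer('https://bank.example'); // constructed origin
  const device = createAuthenticator();
  server.enrol('alice', device.publicKey);
  const sig = device.sign('https://bank.example', server.challenge('alice'));
  const genuine = server.verify('alice', sig);
  const replayed = server.verify('alice', sig); // same response sent a second time
  // A look-alike site relays a fresh challenge; the device signs the origin it actually sees.
  const c2 = server.challenge('alice');
  const phished = server.verify('alice', device.sign('https://bank.example.evil.test', c2));
  const leaked = [...server.users.values()].join(''); // what a server breach would expose
  return { genuine, replayed, phished, leakHasPrivateKey: leaked.includes('PRIVATE KEY') };
}
```

Only the genuine login verifies; the replayed response and the response signed for the look-alike origin are both rejected, and the server-side store holds no secret.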
More importantly, the FIDO approach is highly scalable and ready to deploy today. It is available on 4 billion devices that consumers and businesses use every day, ensuring that operations continue to run seamlessly – no matter the workload and location – while still protected from threats.
Business continuity and cybersecurity planning
Business continuity planning is about putting in place the processes and systems for prevention and recovery from potential threats. These plans ensure that personnel and assets are protected, and businesses will be able to function quickly in the event of a disaster. As such, modern day business continuity plans cannot be complete if they do not address cyberthreats.
As witnessed from the current health crisis, it is crucial that businesses are prepared for serious and unpredictable disruption. As businesses rebuild and recover from the impact, leaders cannot ignore the fact that scalable and secure authentication is essential to business continuity and resilience.