A large survey of 700 companies around the world, some of which are French, reveals that 97% of them face security issues related to identity verification. They also fear increasingly sophisticated attacks that rely on AI to target them.
Cyberattacks affecting companies, administrations or individuals continue to fill the media. This shows the scale that they are taking on and, above all, the increasingly sophisticated techniques that are deployed to reach their targets, in particular the use of artificial intelligence. A recent report published by Malwarebytes indicated that ransomware attacks had increased by 68% in part due to AI.
However, according to Ping Identity, which produces its annual report on security threats facing companies, less than half of them use 2 or multi-factor identity verification. Alarming figures which reflect, like individuals, a lack of knowledge of the risks incurred in the event of neglect of data security tools.
What is MFA, used by only 45% of companies?
The report indicates that 45% of organizations use two-factor or multi-factor identity verification, 2FA or MFA and even fewer (44%) use biometric identification. As Patrick Harding, Technical Director at Ping Identity, points out, “ If fewer than half of organizations implement multi-factor authentication (MFA), they find themselves seriously exposed and less resilient to cybercriminals exploiting increasingly sophisticated AI tactics “. However, this security measure is neither complicated to set up nor to use.
Multi-factor authentication (MFA) is an identity verification method that requires at least two verification factors. It is essential for a solid identity and access management (IAM) policy.
Instead of just a username and password, MFA requires one or more additional verification factors, reducing the likelihood that a cyberattack can be successful. Additional verification factors can be one-time passwords (OTP), which are often received by email, SMS or certain mobile applications.
MFA is generally based on three types of information known as knowledge, possession, and inherence. Knowledge such as elements you know, a password or a PIN, possession, i.e. objects you have, such as a badge or a smartphone and finally the inherence which defines elements
that constitute you, such as biometric fingerprints or voice recognition.
Decentralized identity, a solution against identity fraud on the rise, chosen by 38% of companies
The report indicates that 54% of executives surveyed are concerned about the increase in AI-assisted identity fraud, with limited confidence in detecting deepfakes and insufficient defense against AI attacks. However, the adoption of decentralized identity by 38% of companies as a fraud protection measure is increasing, but still remains low. However, it is one of the strongest security options.
Indeed, decentralized identity is a universal system which aims to simplify the authentication of people by relying on blockchain technologies and other distributed registers. It allows each individual to have their own identity, by controlling the information they choose to share in the form of certificates. It comes in opposition to centralized identity, used by practically all organizations, services or companies, on which users register by communicating information about their own identity, without really knowing what use will be made of it, despite the GDPR.
Decentralized identity offers more robust authentication while allowing everyone to have better control of their personal data. It avoids spreading your personal data all over the web.
In comparison, it is considered more effective than MFA which can today, thanks in particular to AI, allow hackers to steal chosen identifiers, or to buy them on the Dark Web. It is therefore still surprising that this choice is not favored by companies. However, according to Philippe Beraud, Chief Technology and Security Advisor at Microsoft, this surely promises to be a new standard in the very near future.
Source : Help Net Security, Ping Identity
0