By Sebastián Stranieri, CEO of VU Security
Since the pandemic began, many things have been said about the future. Predictions about the impact of the new normal on our daily lives can be found anywhere, and they all have one thing in common—they talk about a less physical world. While many industries make emphasis on how things changed, truth is: nothing really changed in cybersecurity.
Information security has had, for years now, a main role within the business process of any kind of public or private organization. What had usually been a last-minute addition became a neural aspect for the business, as part of the digital transformation process, which is now accelerated by the COVID-19. Today, millions of people are working from home, using poorly protected Wi-Fi connections, logging in on unprotected virtual meetings and providing attackers with billions of devices connected to the Internet.
The shift to a contactless reality not only raised awareness to unprecedented levels, but also made cybersecurity more important than ever before. Information security appears as a key element to prevent cyberattacks, but also to simplify digital processes, increase the security levels of transactions and to improve the user experience. More relevant it is the technology that helps organizations authenticate the digital identity of each individual.
Whether they are employees, customers, providers, associates, company board members or public officials, each one of them has a set of attributes that link their personal entity with their online interactions—their digital identity, based hugely on the human factor. The digital identity is the base of the implementation of any digital system that organizations use to reach the customer.
Based on the changing digital habits of the customers, companies and governments can choose what kind of technology they should implement aligned with the business strategy, because any customer-related change must be done considering the final user’s needs and habits. These are the main aspects to consider in this race against time.
- Traceability of consent. Every organization should have a system to audit when and what a customer, citizen or user is agreeing to. At the same time, the system should ask and register any kind of update of the agreement by the individual.
- Right to be forgotten. All platforms of digital information exchange must implement, effectively and easily, a functionality to allow each user to unsubscribe or ask for his personal records without having to remember a password.
- Complexity of attacks. The teamwork distribution generates, as an inevitable consequence, an increase of the attack surfaces for all kinds of organizations. As a result, if the team isn’t ready, it could be quite difficult to identify attacks such as ransomware, spear-phishing, and social engineering techniques, due to their current levels of complexity.
A huge percentage of organizations have limited resources destined for information security, which could lead to reputation damage, service interruption or severe penalties for privacy and confidentiality issues. More investment and training are fundamental to avoid these problems and prevent, as a whole, any kind of attack of a cybersecurity threat. The implementation of digital signature and biometrics such as facial recognition, for example, as authentication methods, are part of a trend that’s been present for years now but is seeing a rise in the new contactless reality we’re living.