We live in a digitally-dependent world, and the pandemic has only accelerated the mass digital migration. With every personal device that we connect, another pathway gets opened as an access point for fraudsters.
As people move fluidly between physical and digital interactions, static identities are no longer sufficient to verify people, their actions or intentions. But with technology, progressive policies and consumer education, we can create a trustworthy digital identity ecosystem that improves the security, privacy and convenience of identification — a critical step in instilling confidence in global connectivity.
Security leaders need to harness the power of digital identity and identity literacy and take steps to move businesses and society forward. We can ensure that everyone benefits from broadening the definition of identity —beyond a name, a citizenship, a gender — while also making identity more universally understood.
What’s keeping businesses from moving forward? For starters, a belief that identity verification operates as a siloed operational task. We are also held back by costly, inefficient legacy systems averse to innovation, organizations that have difficulty designing a vision for the future while managing through today’s crisis, and competitive mindsets that caution against collaboration and a trusted verification ecosystem. Finally there’s too much tension in highly regulated industries like banking, manufacturing, and medical care, where governance, outdated policies and regulation slow down progress.
Looking ahead, there are five ways cybersecurity leaders can focus to drive a greater understanding of these barriers and higher adoption of technology that’s no longer an alternative to analog processes, but more accurate and resilient.
- Embrace adaptive identities and contextual privacy.
Our identities are dynamic—shifting and adapting as we evolve through our lives—and we should also have adaptive security and authentication solutions that change as we change. We must begin to embrace the future of adaptive identities, which will include important identity documents like driver’s licenses and passports, but also new solutions to capture and connect contextual identity signals that suit the natural flow of our lives as consumers and citizens.
- Design for physical and digital security.
Physical and digital security will increasingly tie together as virtual and in-person experiences blur. There are real-world implications to cyberattacks and breaches, and this will force enterprises to assume responsibility for digital security. At the same time, technology products exist to help securely automate many in-person tasks linked to our physical identity, such as DMV appointments, voting, doctor visits, remote work access, and real estate closings. Just as there are now “card-not-present” transactions, the dualized future calls for the ability to securely perform person-not-present transactions. We can design this by curating technology, mashing up verification systems and creating trusted partnerships.
- Acknowledge that "things" need an identity, too.
We have arrived at a moment when our behavior and choices are captured by “things”—our phones, computers, cars, TVs and wearable tech—and these devices and machines are now influencing our financial well-being, our right to participate in sports, our right to access restaurants and buildings, and our right to cross state and country borders. Verifying that these devices belong to us and that it’s our behavior they’re capturing will become a critical piece of a bigger identity picture.
- Collaborate to compete.
Would anyone have guessed a year ago that Apple and Google would share data? Probably not, but as COVID-19 spread they broke down rivalries to fight a common enemy. The same concept applies in fighting synthetic identity fraud, which we cannot defeat entity by entity, individual by individual—but as a unified, global consortium working to detect fraud.
- Make it personal.
Identity has been a niche for so long, but in fact it’s relevant to every single person. As business leaders, the more we can step back from our corporate mindset and consider our own daily routine—the breadcrumbs we leave behind as we shop, sign up, send money, log in—the more we’ll understand that identity does not function as a niche. It’s a basic right and invaluable key to how society and commerce come together. If we design for privacy, choice and access—embracing cutting-edge protocols and encryption methods for protecting data—we’ll solve important business issues simultaneously for ourselves and our companies.
We must shift our perceptions of cybersecurity and show how it ties to human identities. Think of cybersecurity as an emotional and relatable practice informed by math and technology to protect people and businesses. Verifying identities stands at the core of cybersecurity because it sits at the intersection of experience, fraud detection, risk and growth. It’s a strategic, cross-functional imperative to the e-business agenda, not just a surgical moment in time for one department, one customer or one employee. We should design for a world where verifying identities becomes invisible, requiring no action from an individual.
Carey O’Connor Kolaja, chief executive officer, AU10TIX