View Post

From the toll of the pandemic to the attack January 6 on the U.S. Capitol, trust has eroded. Today’s columnist, David Bradbury of Okta, says security teams can play a leading role in regaining consumer trust in a post-pandemic world. GageSkidmore CreativeCommons Credit: CC BY-SA 2.0

Trust has hit new lows around the world. From the devastating impact and ineffectiveness in stemming the COVID-19 pandemic to the recent insurgency at the U.S. Capitol, the past 12 months were fraught with highly contentious events that contributed to a larger atmosphere of doubt, suspicion, and skepticism. This erosion of trust has serious consequences and businesses are far from unaffected. Businesses have to get proactive about winning back consumer trust. So how quickly can they innovate while prioritizing safety and privacy and continuing to successfully nurture and grow their customer bases?

Business must take a modern approach to security. More than 80 percent of consumers rank trust as one of the most important factors in their buying decisions, and almost the same percentage of consumers are more or equally concerned with cybersecurity now compared to last year. As we approach this new reality, here are three emerging security trends that companies can capitalize on to win back consumer trust and thrive in a post-pandemic world:

  • After the rapid shift to digital, enterprises left customers ill-protected. 

At the beginning of the pandemic, enterprises rushed to secure employees as they quickly transitioned to a fully remote workforce. While security teams had great success securing the inner workings of companies, that same level of rigor often wasn’t applied to customer accounts in front-end websites and mobile applications.

Moving forward, businesses must meet customers where they are—online—and deploy new tools to safeguard them. Between social distancing guidelines and shelter-in-place orders, the pandemic transformed consumer behavior; the percentage of American consumers who prefer wholly-digital shopping increased by more than 20 percent since March 2020 while the number of purchases made digitally grew by 60 percent. Business growth demands a reliable, secure digital identity that doesn’t slow or interrupt the flow of a customer interaction. That’s why a handful of the world’s 100 most visited websites will retire the use of usernames and passwords altogether this year. As more websites rely on the security context of devices, alongside biometric capabilities now present within laptops and mobile devices, it’s easy to provide a far more robust and streamlined sign-on experience. Other frictionless components, such as magic links sent via email, will soon replace commonplace technologies like text messaging for two-factor authentication.

  • Passwords present more threats, calling for new security measures.

While some organizations have started phasing them out entirely, passwords—along with the threats they pose to consumers and businesses—are still the norm. In 2017, it was predicted that the number of passwords used by both humans and machines would reach 300 billion by 2020. A more recent report noted that the pandemic led to a 25 percent increase in the number of passwords per average user. Before the pandemic pushed everyday activity to entirely digital channels, we only had around 70 to 80 passwords. Today, we now have about 100 passwords. To move forward, we need to address this technical debt. Consider customer accounts created while purchasing an item from an online store three years ago. Is that account still sitting there, ready for anyone to login and use it? 

Verizon’s 2020 Data Breach Investigations Report said credential theft is at the root of a vast majority of hacking and “even breaches in general,” with more than 80 percent of breaches involving brute force or the use of stolen credentials. Past decisions were made in the best interest of retaining customers and reducing friction in the online experience. Now, when the use of shared passwords across multiple providers presents a very low bar for attackers, we must re-examine these decisions and implement new technologies to safeguard customers.

We are within reach of a future without passwords, so long as we put the right infrastructure in place. The technology available today can make identity so much more flexible. We can extend identity into wearables like smart jewelry and discover alternate biometric models such as dynamic hand gestures. These emerging technologies will grant more freedom than ever to individuals to choose preferred access methods that better suit them and their lifestyle.

  • As online activity increases, decentralized identities will challenge the status quo.

We’re now buying clothes, ordering food, connecting with friends, and even visiting healthcare providers entirely online, and through multiple devices. Every one of these interactions offers another instance for a malicious actor to strike. Many digital leaders have already tapped into blockchain’s distributed ledger capabilities to help users retain control of their identity. This represents just the beginning and we must invest more time and resources to thoughtfully explore how to best put identities back into the hands of individuals. Imagine a world where the individual has control over who gets to see the information used to prove who they are. In a privacy-first world, this has immense power to create trusted connections without having to rely upon larger tech companies. 

As business leaders think about how to bounce back from the recent downturn, they must recognize that regaining—and then keeping—the trust of customers remains the most significant impediment to regaining normalcy. Looking to a post-pandemic future, there are immediate steps businesses can take, like rolling out magic links in place of text message MFA to restore a sense of security and confidence among consumers. When we begin to seriously explore and adopt newer, more innovative identity solutions, we can’t forget that trust must always lie at the core.

David Bradbury, chief security officer, Okta