Predicting the Unpredictable: What’s Next for Digital Identity in 2021
In all of my years working in this industry, 2020 has been one of the most challenging ones. COVID-19 derailed business-as-usual for virtually every organization across every industry, forcing them to set aside their existing strategies and quickly pivot to deliver remote connectivity at a massive scale to accommodate their workforces, customers, and more. On top of the sheer scalability and efficiency challenges, security risks further raised the stakes as hackers sought to take advantage of the pandemic’s disruption.
As I reflect on the challenges brought on by this year’s uncertainty, here are my top three predictions of how 2020 will shape the industry next year.
Contactless QR code security will become more critical than ever
The use of QR codes has extended beyond just restaurants and hotels. From being posted on office walls to keep employees advised of updates on procedures and processes to airport parking lots and more – you can pretty much find them anywhere with the arrival of COVID-19. While QR codes bring much-needed consumer convenience in these unprecedented times, they also serve up a menu of security concerns as well.
In 2021, even as vaccines are (hopefully) distributed, the reliance on QR codes will remain. The unparalleled convenience will cause them to stay as a lasting impact from the pandemic. Consumers will continue using their personal devices to scan QR codes and enter information like name, email address, phone number, and more. The problem is that QR codes are appealing targets for hackers to get their hands on sensitive data. A hacker could easily embed a malicious URL containing custom malware into a QR code, which could then exfiltrate data from a mobile device when scanned. Building QR codes that direct consumers to dangerous websites expose them to malicious attacks across mobile-threat vectors, including texts, instant messages, or even spam emails. With this in mind, organizations leveraging QR code technology will need to build stronger, standards-based authentication into the systems; otherwise, related hacks will skyrocket in the new year, and consumers will pay the price.
Risk signals are out. Assurance signals are in
In 2020’s digital world, applications, devices, and users often live and work outside corporate boundaries. Continuous assessment of contextual factors (user, device, location, network, threat signals, and more) provides secure access to corporate resources regardless of where they’re hosted. Remote work is here to stay, which means former physical perimeters have been disrupted, and one-time authentication for access to all resources is no longer valid. With the threat landscape more active than ever before, inadequate digital ID verification can heighten risks and liability. Thus, more specific assurance signals of who is in and out of our networks will become essential in 2021.
As organizations move away from risk signals and put a stronger emphasis on these assurance signals, they will be forced to consider all parties within their network to provide a centralized approach to defining and monitoring security controls. Knowing exactly who is there will become one of the most important pieces of organizations’ security postures in the new year.
Remote work will be polished by cleaning up rushed security and adding strong UX
COVID-19 has shined a spotlight on the culture of breaches in 2020. With the abrupt shift to remote work, organizations were forced to shift priorities and rethink approaches to securing remote workers. Many organizations found success in implementing controls for managing remote workers suddenly. However, many were not prepared for the number of phishing and ransomware attacks that came with it.
To succeed in the post-COVID-19 era, organizations must rethink their strategies and offerings to accommodate a new security landscape. As organizations evaluate their 2021 budgets, they will be forced to allocate a portion towards the weak areas that COVID exposed in 2020. As companies take a more holistic view of their security infrastructure, there needs to be a greater emphasis on embedded security in order to prevent further damage as the remote work trend continues.
While it is next to impossible to completely prevent cyberattacks, more in-depth efforts towards security are imperative in this age of heightened risks. Organizations will need to remain hyper-vigilant on striking a balance between strong user experience and robust security protocols. Though gaps and hiccups have slipped through the cracks in 2020 due to rapid transformation, organizations will need to polish their processes in 2021 to ensure users are both satisfied and protected.
While there’s no crystal ball for what 2021 will hold, history is a strong indicator that attackers will continue to refine their methods to take advantage of global events and adopt new technologies. I believe that we will learn from the challenges that 2020 brought in order to make the changes needed for a stronger, more secure world. I also hope that everyone has a safe and joyous holiday season and a prosperous New Year.