Digital transformation strategies have contributed to a fast pace of technological change. With it comes an ever-increasing frequency of cyber-attacks, as attackers look to exploit and circumvent new technologies. Global regulators and policymakers, on the other side, have been enacting or modifying laws to protect sensitive and critical data at all levels.
The EU General Data Protection Regulation (GDPR) became the gold standard for data protection and user privacy. The pandemic has accelerated global digital transformation efforts, because businesses around the world had to rapidly adapt and digitise. This led to greater pressure on regulators and policymakers to protect the public from the risks associated with this new normal. In 2021 President Biden enacted an executive order to improve cybersecurity initiatives. Many government agencies tend to fall victim to the same attacks because they hold large quantities of valuable data. As technology advances, regulation must also keep pace.
The biggest regulatory change in recent years was the introduction of GDPR. Regulation standards require authentication methods and secure access controls to be implemented when handling critical and classified data. Not all authentication methods provide equal protection against today’s cyber threats. Basic authentication such as the username and password combination, and even forms of two-factor authentication (2FA) such as SMS-based one-time passcodes (OTPs), are better, but they are not strong enough to protect data, systems, and applications. Industry regulations are beginning to address minimum standards for authentication, while others are relying on frameworks like Zero Trust.
The EU Commission revealed its plans to revise the electronic IDentification, Authentication and trust Services (eIDAS) mandate. The plans aimed to ensure secure digital interactions between organisations, government authorities, and individuals. They pertain to online authentication, digital signatures, and national electronic ID policies. The pandemic has also accelerated growth in cybercrime. Once a target has been compromised, cybercriminals have the freedom to seek out and obtain valuable digital assets. Cybercriminals can utilise that are programmed specifically to steal the credentials of companies with poor and inadequate security measures in place.
Phishing works by posing as a trusted or legitimate source, usually by email, and tricking a target into opening a website or link provided. The target is then prompted to provide their login details and unknowingly shares their information. Basic 2FA, along with traditional usernames and passwords, is not as advanced in protecting data. Organisations should consider adopting newer methods of stronger authentication and security so that they can effectively withstand and prevent emerging cyber threats. Multi-factor authentication (MFA) and strong 2FA have been proved. Security protocols need to incorporate stronger authentication and comply with government regulations.
Such innovative devices have been able to combat MitM attacks. In October 2021 Google announced plans to auto-enrol 150 million of its users into a 2FA programme, and to make it a required process for two million of its YouTube creators. For cyber-attacks focusing on credential theft, strong authentication holds the key to drastically reducing the impact. Additional verification via hardware-based authentication helps to counteract the risks associated with stolen credentials. Hardware-backed security devices are leading the way in eliminating phishing and MitM attacks.