Sadly, we don’t think we have seen the last of the cybersecurity breaches. The most significant breach in 2022 was Medibank, in which millions of customer records, including highly sensitive PII, were stolen. The cost of remediation is expected to exceed $25 million, with the impact on affected customers likely to last many more months, or even years.
The worst may be yet to come. A storm is brewing, and all Australian businesses need to heed the warnings of the last quarter of 2022 and act now to close vulnerabilities.
What are the trends to come in 2023 for the industry?
Cybersecurity threats will continue to increase in 2023, and there will be a significant shift to threats against SMEs and small businesses, not just enterprises. The new Australian Government will continue to shape laws to ensure organisations are taking the appropriate steps to help keep their customers and employees safe. Cybersecurity will become the new “mining” industry by way of its significant growth and contribution to GDP over the next four years.
Widespread adoption of biometrics
Biometrics will increase in adoption throughout 2023, with companies like PayPal and the banking sector seeking to rapidly deploy the tech to secure customer information. According to leading economists, the global biometric tech market size is projected to reach $11.49B by 2026. Adoption of biometrics for cyber defence will also increase in 2023, and the critical national infrastructure sector will lead Australia’s adoption of biometric-enabled convergence.
Biometrics will come under greater regulation and legislation in 2023 globally, and we will start to see the industry move beyond ‘the wild west’. For consumers, it is vital to clearly articulate in terms and language appropriate for the audience how biometrics will be used, linking this to the problem being addressed, and how their data is being used and protected.
In addition, it will be important to delineate between the applications of technology. For example, law enforcement using biometrics to identify people who’ve been confirmed as a threat to public safety versus biometrics for general mass identification without consent.
Businesses need to work with partners who are transparent, and ensure any biometrics program is initiated on a consent basis, with the scope and context clearly communicated to the user so that they can opt in. This will be a significant maturity step forward in 2023 for biometric technology, and there will be a clear understanding of the concepts of consent, scope, and control for each use case when it comes to privacy and security.
There is still a lot of education to be conducted when it comes to the use of biometrics. Not every biometric solution is the same, and providers must prove themselves on the ethical use of biometrics. Once the market becomes less risk-averse to biometrics, it will play a significant role in MFA and identity. It’s the next evolution of verifiable authentication.
MFA fatigue to increase further in 2023
Daltrey predicts that at least 50% of large Aussie firms will remove or begin the process to remove passwords, and adopt impersonation-resistant authentication controls in early 2023.
MFA fatigue will only increase in 2023, with providers adding extra steps to their current MFA products in an attempt to address it. This is likely to increase friction in an already unfriendly user experience. CISOs and IT teams will be closely examining alternatives to provide better trade-offs between security and user experience. Verifiable credentials are gaining momentum and the concept is slowly translating outside decentralised identity management.
In addition, it will become the basis of strong authentication which starts with identity proofing (there is no point authenticating if you don’t know who you are authenticating). In line with the numerous cyber hacks which have occurred across the globe in 2022, this will be a strong focus for 2023. Even the FIDO Alliance is working on defining standards for identity proofing as they acknowledge this is a significant gap in their value proposition.
Digital identity will be the number one priority for organisations of any size in 2023. With the rise of stolen data, stolen identities are becoming more prevalent. Internal espionage will be a significant risk as well, and therefore robust digital IDs will be imperative.