As we close the celebration of the 19th annual Cybersecurity Awareness Month this October, it’s an ideal time to focus on the need to improve all cybersecurity measures by eliminating passwords and enabling organizations public and private to identify exactly who is accessing their online services.

This year, the National Cybersecurity Alliance has focused on four key cyber behaviors: enabling MFA, using strong passwords, updating software, and recognizing and reporting phishing. Identity-based authentication addresses three of the four.

The NCA has also released some statistics around these themes – all related at least in part to identity and access management:

  • 495 million ransomware attacks occurred during the first 9 months of 2021, a 148% increase on the previous year (Source: SonicWall)
  • A successful phishing attack can be so convincing that you won’t even know that you were affected (Source: Soft Activity)
  • There are over 15 million passwords for sale by cybercriminals on the dark web (Source: Digital Shadows)
  • 81% of breaches leverage stolen or weak passwords (Source: LastPass)

While these stats are staggering, they come as no surprise to most of us who see phishing emails and newsworthy data breaches nearly every day. What advice do we commonly hear in response to these cybersecurity missteps? Use strong passwords. Enable MFA. Train your employees to watch for phishing emails.

While there’s nothing wrong with these ideas, they don’t really solve the fundamental cybersecurity issue that is causing all of these breaches: impostors can hide behind legitimate but compromised accounts. The net result is that we don’t really know who is on the other end of our digital connections. And until we do, these issues will continue to inhibit the ability of IT and Security leaders to control their networks.

Just as Steve Jobs replaced the stylus with a fingertip 12 or so years ago, identity-based authentication replaces passwords with a verified, identity-backed biometric. When you prove each user’s identity every time they log in, this solves several issues and improves every downstream security measure. 

To start, the need for anti-phishing solutions, 2FA codes, and disjointed MFA becomes an artifact of obsolete passwords. But verifying user identity pays other dividends. With a transformational level of trust, organizations can move higher value transactions online, improve the experience for legitimate users with less friction, and virtually eliminate account takeover.

At 1Kosmos, our BlockID solution delivers these capabilities, but also transforms user onboarding from a manual process where PII is exchanged in the clear over email, text and fax to a highly automated and streamlined process that protects user PII from end-to-end. BlockID also eliminates centralized storage and administration of user PII, so there is no honeypot of user information for hackers to target. Users manage their own data. Administrators have no access, alleviating GDPR and other privacy and compliance needs.

By adding identity as a key pillar to network security and putting users in control of their own data, we improve security with passwordless access, but we do so in a way that addresses privacy. With authentication that is truly based on identity instead of hope, organizations will no longer be held hostage to data breach, ransomware, and financial fraud perpetrated via identity deception. This would certainly be something worth celebrating!
