Cybersecurity month: Why we need to talk about online identities


[ This article was originally published here ]

Cybercrime is something we can no longer avoid. On a regular basis, we hear about companies we have used experiencing a data breach, or a friend or family member who has fallen victim to online fraud. We may even fall victim ourselves – losing money or experiencing stress or disruption.

There’s no shortage of statistics to demonstrate the scale of this problem – and none of them make for easy reading. Here are just a few recent ones, announced ahead of cyber security month:

  • The global average data breach cost was $4.35 million in 2023
  • Half of global organisations experienced fraud in the past two years, the highest level in 20 years of research
  • 48% of organisations reported an increase in ransomware attacks in the past 12 months
  • In the UK, over £2,300 is stolen through fraud every minute

Securing online identities

At the same time as cybercrime has been on the rise, with the dematerialisation of services available online 24/7, we now need to prove our identities or share attributes remotely.

Think of various incidents where you must prove who you are. That could be providing your passport and social security number when starting with a new employer, presenting bank statements and proof of address when applying for a mortgage or loan, or even proving your vaccination status when travelling – just to name a few.

In most of these instances, having to provide these documents online is not just commonplace – it’s the norm. And unless safeguards are put in place, this could further put consumer data at risk.

Convenience causes risky behaviours

Digital means of proving identity are the way forward and provide a number of benefits; customer convenience being one of them. However, if not done in a secure way – it could put the end user’s data at risk.

We previously surveyed consumers from across Europe and found that many people are engaging in risky behaviours when it comes to sharing their identity credentials.

While many see digital IDs as a convenient means of carrying and showing something that needs to be used frequently – only 27% have an official Digital ID. A far higher proportion of consumers rely on screenshots, digital photos or a scan of their physical ID or similar official document.

Even a sizeable majority of those who have official digital IDs admitted that they have these copies or scans on their phones. With malware attacks on consumer devices on the rise, important and incredibly sensitive information is at risk – leaving consumers open to fraud and identity theft.

The move towards EU ID Wallets

We’ve discussed the move towards EU ID wallets and the countdown to eIDAS2 before, highlighting how it’ll impact the everyday lives of citizens, as well as highlighting what consumers want from a wallet.

Progress is being made and, in 2021, the EU announced that an EU Digital Identity Wallet will be made available to all 450 million citizens of the EU free of charge. After pilot phases in 2024, each member states will notify its digital ID Wallet in 2026 to the EU commission as deployments will commence. The wallet will provide users with full control over their personal data and 80% of EU citizens are expected to be equipped by 2030.

One of the biggest drivers behind this scheme is to ensure that every person eligible for a national ID card has a digital identity that is recognised anywhere in the EU. It will provide a simple and safe way to control how much information you want to share with services that require sharing of information.

The shift to sovereign cloud

To accompany digital ID wallet initiatives and the unrelenting shift towards the digitalisation of credentials and personal data, many governments around the world are seriously looking at sovereign cloud.

A sovereign cloud ensures digital and data sovereignty. It is a means to maintain physical and digital control over strategic assets, including data, algorithms, and critical software. It helps ensure that data remains free from external jurisdiction control and provides the right protection from foreign legislatively enforced access.

At Thales, we believe digital ID wallet ecosystems are the future of digital identity. They will enable smooth and trusted proof of ID and entitlement anywhere, anytime while enabling data privacy to move to the next level by offering the most convenient user experience and compliance with the most stringent security and cyber privacy requirements.

For further reading, please check out the below:

Ad



Source link