Where IT Security Is Headed: 5 Predictions
By Sorell Slaymaker
Insights into mobile-only security, spear-phishing, behavior biometrics, privacy issues, and more.
Great security is now the top requirement when building new applications. Here are a few of my predictions:
1) Mobile-Only Security to Become the Standard – For highly secure applications, mobile devices will become the only source for identity, authentication, and moving exceedingly sensitive information and transactions such as cash. Mobile devices provide location, biometrics (face, finger, behavior), certificates, and SMS that mobile apps can use. By tapping into these capabilities and the multifactor authentication built into mobile devices, developers can make mobile apps more secure than web-based apps. Zero-knowledge, decentralized, device-managed biometrics will continue to rise as a convenient way to authenticate users while eliminating the privacy risk. These biometrics make it easier for people to authenticate with their devices and don’t pose a further security risk because that information doesn’t get stored in a central database.
Prediction – The mobile-only strategy will displace the mobile-first strategy for enhanced security and privacy.
2) Spear Phishing Gets More Sophisticated – Faking/emulating an individual’s voice, SMS hijacking (SIM swap, IMSI, SS7 hacks), and using physical attacks in conjunction with remote attacks (someone on the inside) will become common. Hackers will adopt the methods that advertisers use today to highly personalize communication and micro-target their victims.
Prediction – Humans will continue to be the weak link in cybersecurity.
3) Behavior Biometrics Getting Better – Behavior becomes the next great biometric, adding to face and finger. Behavioral biometric verification methods include keystroke dynamics, gait analysis, voice ID, and mouse use characteristics. This, in conjunction with location information and historical context, will further enable a world with zero passwords. Passwords are the least effective and most inconvenient way of securing access.
Prediction – Apple & Android will add behavior biometrics to their operating systems, and the use of passwords will decline.
4) Privacy Issues Remain – As European Union General Data Protection Regulation-like regulation comes to the U.S., privacy will gain more attention. However, it will continue to be an attribute of good security rather than a prime driver. Centralized databases with private information (username, password, DNA, social, history, preferences, and so on) will continue to grow because businesses can monetize this data to the tune of trillions of dollars, and consumers prefer convenience over privacy.
Prediction – Security requirements will continue to outweigh privacy requirements/rights.
5) Adaptive Authentication & Authorization Grows – The need to balance security, convenience, and privacy will drive enterprises to implement more sophisticated identity and access management (IAM) systems. The next-generation IAM systems are going to be distributed, adaptive, and continuous. The number of sources for identity (something you know, are, and have, plus location), the rules of access based on context, history, method, and threat level, and the need to balance retaining consumer personal data for monetization with privacy will increase the number of IAM rules by a factor of 10.
Prediction – A great IAM strategy will continue to serve as the foundation for great security.