In the aftermath of a tumultuous year, looking ahead to 2021 is a daunting prospect. Many organizations feel they are still coping with the changes demanded by 2020, much less making plans for the next year.
2021 is here, however, and with it comes the need for an updated cybersecurity strategy that can adapt to the times. Here are a few of the trends likely to influence the use of biometrics in cybersecurity in the coming year.
Trend 1: Increased Emphasis on Multi-Layer Cybersecurity Strategies
It’s not surprising that after the SolarWinds hack in December 2020, businesses have been hyper-vigilant about their security. Interestingly, the SolarWinds attack was a ‘supply chain’ hack rather than a direct attack on systems: the malicious code was embedded during the software build process. The initial breach of security systems was quite sophisticated, but the remaining attack steps after gaining access were quite traditional. This combination of typical strategies with sophisticated entry means there was no single cybersecurity tactic that could have stopped it, although multiple layers of security might have.
The significance of a multi-layer cybersecurity strategy is that there’s no single point of failure or guaranteed access in a system. Zero Trust strategies are typically a way to implement this, requiring a login or identity assurance for each level of access or entry into a business system. Adding multi-factor authentication, even just SMS-based 2FA, is another layer. By requiring authentication through multiple channels, your organization improves security in multiple ways. Multiple channels mean increased difficulty in spoofing multiple access points simultaneously, and multiple authentication methods provide greater assurance in accurate identity verification.
Trend 2: Increased Use of Biometrics for Authentication
Despite increased concerns over privacy (see Trend 3), biometrics remain the most accurate way to identify people. Because of this, biometrics are increasingly a part of the authentication methods for accessing business systems. Microsoft has been a major advocate for passwordless authentication in the enterprise, noting the cost of password resets, lost productive time, and how vulnerable passwords are to being stolen or brute-forced.
Relying on fingerprints, facial recognition, or even voice recognition means that access to sensitive data and business tools is protected by a higher level of identity assurance than just username and password. Which biometrics are used to verify identity after a user has initially enrolled is typically a choice made by the organization, and is influenced by user friction, ease of integrating a given biometric solution into existing systems, and which systems or software require higher user authentication standards.
With the use of biometrics and the improved cybersecurity they offer comes the other element to their use: the privacy and protection of that biometric data.
Trend 3: Greater Emphasis on User Privacy and Personal Data Protection
CCPA was a game changer. Enforcement began in July of 2020, and later in the year California passed an addition to the Act that made it even stricter. CCPA is not the only legislation regarding privacy to have been passed in 2020; 30 states and Puerto Rico all had some form of privacy legislation or bill considered this year.
Privacy and data protection are top of mind for many consumers, and any organization that is doing consumer-facing business will need to be ahead of this trend in 2021. Requiring multi-factor authentication before sensitive data can even be viewed is one way; encrypting the data is another.
Emphasis on protecting personal data isn’t just consumer-facing. Employee personal data is also covered by much of the privacy legislation passed in recent years, and any businesses using tools that collect biometric data or other Personally Identifiable Information should be taking steps to protect the employee data collected.
Trend 4: Remote Work, and Remote Employee Security Risk, Is Here to Stay
What was originally going to be just a few weeks of sheltering in place has become one of the biggest changes to how work is done in decades. Before 2020, working from home was considered an optional perk, with the vast majority of businesses preferring that their staff come into the office on a daily basis.
The pandemic has changed that. Gartner reports that 80% of company leaders plan to allow employees to work from home at least part time after the pandemic is over, and 47% will allow employees to work from home full time.
The long-term impacts of this shift will unfold in the years to come, but a short-term impact is the dramatically increased surface area of cybersecurity risk exposed by so many employees working remotely. IT teams will be focusing on how to securely gate access to sensitive systems remotely without adding so much friction that users can’t gain access at all. Blending the security practices for securing remote workers with the improved cybersecurity practices needed for secured networks is likely one of the biggest challenges facing enterprise security teams in 2021.
Remotely onboarding new employees requires an entirely different set of strategies and identity proofing than onboarding a typical new hire who can come into the office physically. The adoption of more remote-worker-friendly identity proofing and user verification tools is a must for any business expecting to stay remote in the coming months and years.
How is your business preparing for 2021?
The initial scramble to adapt to the demands of 2020 has passed, but supporting extended remote work in a secure fashion will be an ongoing project for years to come. It’s easy to say that additional layers of cybersecurity will help your business, but how can you add them in an efficient manner?
Be sure you’ve set aside enough budget and team resources to secure your organization in the new year. A few best practices include simple strategies, such as enabling multi-factor authentication (preferably with biometrics) throughout your organization. Review your third-party software vendors, and ask probing questions about their security practices and audit frequency (how long did it take them to remove the code from their SolarWinds installation?). Make sure you have regular security training and easy access to security standards for your organization.
If you have any questions about implementing secure multifactor authentication with biometrics, let us know – we’re here to help guide you through your upgrade process.