Connect with us

Interviews

Companies Must Place Greater Emphasis on Authenticating Digital Identities

Published

on

Saeed Ahmad, the Managing Director for Middle East and North Africa at Callsign, says organizations that employ Zero Trust 2.0 can better combat fraudulent activities by using unique employee behavioral profiles.

How has the Zero Trust Network Architecture evolved since it was first coined in 2010?
As regional organizations try to manage the ever-changing threat landscape and secure a growing attack surface, the Zero Trust framework is becoming increasingly popular. As the name suggests, Zero Trust demands authentication at every connection to an organization’s network to create an impenetrable barrier around the organization.

The Zero Trust approach has developed over time from a Fort Knox-style approach which adds friction and can hinder employee experience and productivity, to one that employs intelligent passive indicators based on behavioral analytics.

The former necessitates authentication of every touchpoint connecting to an organization’s network. This strategy causes unnecessary friction, reducing staff productivity and putting security resources under strain. However, a new approach to security known as Zero Trust 2.0 enables organizations to maintain the same “Fort Knox” degree of security while also ensuring employee convenience and productivity.

The answer lies in passive behavioral indicators, for example, the pressure a person exerts when typing or the way they swipe a device is unique and inherent to each individual. This unique behavioral data, when combined with data from a user’s device and location, aids in positively identifying users, instead of just looking for fraudulent users which can result in lots of false positives and increase friction.

Zero Trust 2.0 layers passive behavioral indicators over knowledge-based passwords and location or device-based indicators used in the traditional Zero Trust strategy, allowing organizations to enhance their authentication process without adding friction.

Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did?
In a nutshell, yes. With the work-from-anywhere culture gaining traction in the region, and multi-cloud strategies broadening the attack surface, it is critical for organizations to consider technologies that must protect their infrastructure from any device, from any location in real-time, but at the same time maintain convenient access and maintain productivity.

To do this successfully, companies must shift from an end-point focus to a people-focused approach to security. The traditional Zero Trust strategy is centered on authenticating each touch point with an organization’s network usually from one or the same location on the same device. This approach forces employees to constantly validate their identities at each point of entry but doesn’t necessarily identify if someone is gaining unauthorized access using stolen credentials, and only looks at a set number of interactions.

Organizations that employ Zero Trust 2.0 can better combat fraudulent activities by using unique employee behavioral profiles. Intelligent passive authenticators rely on behavioral analytics, which is data created by one’s digital transactions or online activity. This includes an employee’s network interactions from their workplace laptop, smartphone, or tablet.

Because these indicators are passive, such as the way a pin or passcode is typed, or the way a phone is swiped, it doesn’t add friction and can be deployed throughout the digital journey rather than at moments in time. This means organizations are protecting every interaction, and not just known entry points. This approach serves to identify that the users are who they say they are through unique inherence factors, whereas usernames and passwords alone don’t actually identify the genuine user, so a fraudulent entry could look like a genuine user.

Industry experts have warned that cyber-attacks will be focused on techniques that zero trust controls can’t mitigate. What according to you can be done to address this?
As organisations scale up their cybersecurity measures, cybercriminals respond by demonstrating greater sophistication through their malicious campaigns. To ensure the integrity of their assets, organizations must place greater emphasis on authenticating digital identities in an intelligent manner.

The individual user and their behavior are the foundation of this identity. As an example, bad actors can often leverage sophisticated AI-based software to impersonate employees based on physical characteristics, such as facial recognition, or even circumvent it altogether by claiming it’s not working and inputting the step-up method of a pin or password instead. However, with Zero Trust 2.0’s intelligent passive authenticators, an organization’s employees can simply use their own personal behaviors to identify themselves to their organisations. An individual’s behaviors are based on unique muscle memory and are hard for a fraudster to imitate.

Cyber Security

Financial Services in the GCC Will Continue to Attract More Attention From Fraudsters

Published

on

Dmitry Volkov, the CEO of Group-IB, says the region’s rapid digital transformation has made it vulnerable to cyber threats such as phishing, counterfeiting, VIP impersonation, data leaks, and trademark abuse (more…)

Continue Reading

Interviews

NetApp’s New Riyadh HQ: A Strategic Hub for Middle East Growth

Published

on

In an exclusive interview, George Kurian, the President of NetApp speaks about the company’s new regional HQ in Riyadh, the key objectives for the regional market, their support for Saudi Arabia’s Vision 2030, and more (more…)

Continue Reading

Black Hat MEA

Phosphorus Cybersecurity to Partner with Cyberani for Black Hat MEA 2024

Published

on

Osama Al-Zoubi, the Vice President of Phosphorus Cybersecurity, says over the next year, we will see more sophisticated OT-focused malware (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.