As the end of the year approaches, it’s a natural time for us to reflect on what happened in the world of authentication over the last 12 months, as well as think about what the next year will bring.
In 2023, we saw cybercrime continue to increase in both volume and sophistication across many attack vectors, including ransomware, man-in-the-middle, business email compromise (BEC), and push bombing attacks. Arguably one of the most notable developments in cybersecurity this year, however, was the introduction of generative AI, which has taken phishing attacks to new heights.
This changing threat landscape combined with the fact that 74% of breaches involve the human element, according to Verizon’s 2023 Data Breach Investigations Report, and the two primary ways in which attackers access an organization are stolen passwords (50%) and phishing (15%), presents a major problem when it comes to authentication. Especially when you consider that, despite passwords being the root cause of so many data breaches (80%, in fact, according to the FIDO Alliance), organizations still continue to use them.
All of these factors come into play when we think about authentication in 2024. We can’t change the behaviors of threat actors, but we can control how we react to them – and we hope to see more organizations turn to passwordless technology and phishing-resistant multi-factor authentication (MFA) to strengthen their security posture.
In addition to this over-arching trend, we asked two Axiad thought leaders what they think will unfold in the industry in 2024. Here’s what they had to say:
True passwordless technology removes passwords and other shared secrets completely. When you do that, the next step becomes modernizing account recovery. Traditionally, this is where password managers came in. In a passwordless world, however, vendors need to be able to offer passwordless recovery. Given this, the next natural step in the authentication industry will be passwordless technology vendors and credential management companies joining forces.
Cybercriminals want maximum results for the least amount of effort and money. Generative AI-based phishing attacks can be executed easily, quickly, and at no cost. So, while we’ve been able to keep phishing at bay over the past few years, in 2024, we’ll see both the rate of phishing attacks and their percentage of success increase dramatically.
While this is a step in the right direction, it’s only half the journey. As the “front door” of the house gets stronger, cybercriminals will shift from stealing credentials (e.g., passwords) to attacking the “back door,” or account recovery methods. For example, let’s say a cybercriminal enters incorrect information on an account five times. The account recovery process then kicks in. If that process involves calling a help desk to answer security questions or answering them online, there’s a good chance hackers will be able to ascertain the information they need to hack their way in by perusing social media. We’re already seeing this happen, but, in 2024, we’ll see an escalation of cybercriminals targeting account recovery methods to compromise credentials.
The cybersecurity threat landscape will continue to evolve as cybercriminals find new ways to attack the weakest parts of an organization’s technology security strategy. Being aware of potential weaknesses – whether it’s an authentication or account recovery method – and taking action to improve upon them will be more important than ever to address in the coming year to mitigate risk. We hope these three predictions will be useful to your business as you continue to strengthen your cybersecurity posture in 2024.
If you have thoughts, questions, or if we can be of assistance in your authentication journey, feel free to contact us.
The post Three Authentication Predictions for 2024 appeared first on Axiad.
*** This is a Security Bloggers Network syndicated blog from Axiad Cybersecurity Blog authored by Tami Williams. Read the original post at: https://www.axiad.com/blog/three-authentication-predictions-for-2024/