Security attack techniques are becoming ever more sophisticated. The 2016 NTT Global Security Intelligence Report identified the top threats as coming from private access attempts and exploitation software (this includes a dramatic rise in phishing), web application attacks, reconnaissance, application-specific attacks, brute forcing (up 135% and now emanating from over 75 countries), malware (also dramatically on the rise), network penetration, and denial of service (DoS). Of concern, the report says that only 23% of organisations are capable of responding effectively. Industries most targeted and impacted are (in order) government, manufacturing, hospitality (loyalty card datasets are targets), finance, retail, healthcare, and pharmaceuticals.
Organisations should move to improve their cyberresilience, addressing the risks of breach on brand, privacy, safety, regulation, transparency, and commerce. The report urges a comprehensive approach – two key areas of innovation that enable this are security analytics and identity management.
Security analytics focuses on predicting and preventing breaches – the early identification of threats and the deployment of targeted interventions to minimise harm, and the forensic examination of intrusions to apprehend criminals. This field has emerged to counter the rise in security threat sophistication and also in response to regulatory change that requires more stringent security protocols to be implemented and shown to be in practice.
Adoption has been led by government and the defence industry because their data and applications are most prone to advanced threats. However, the rapid advancement of cyberattacks related to identity theft, financial fraud, intellectual property theft, and malicious business disruption is impacting all enterprises, most notably in the service providers and telecommunications, healthcare, banking, and retail verticals.
The NTT Global Threat Intelligence Platform (GTIP) is an example of security analytics assembled as a software toolkit and managed services platform, in order to proactively identify and defend against threats, through the intelligent consolidation and analysis of threat data from multiple sources.
Biometric security is becoming the identity management standard as a more secure, convenient, and accurate form of authentication. Across the globe, governments have adopted biometric-based authentication for passports, voting systems, driver’s licences, border management, and national IDs.
Across 2017, in mobile commerce, the biometric fingerprint sensor will become the predominant identification mechanism, due to its convenience and superior security. This may be coupled with other identification forms, such as iris recognition. Recently, Japan implemented this two-factor biometric combination to authenticate transactions for a particular m-commerce platform.
In healthcare, biometrics will also become the mechanism to identify patients, streamline benefit payments, and reduce fraud. Innovations across the biometric modalities are expected, from the mobile phone fingerprint sensor to facial and iris recognition, chemical recognition from smart clothing, electrocardiogram sensors, and unique gesture recognition. Industrial IoT redefines the way we use and secure devices and systems, and biometric security will evolve to verify the identity of the person or thing interacting and passing data across these systems.
In line with the shift in business models from ‘inside-out’ to ‘outside-in’, Personal Digital Identity Management sees individuals controlling their identity, their trust, and information sharing preferences with third parties. An organisation’s ability to respond to this user-driven system of trust will become a defining factor in who we choose to do business with. The concept of each of us owning and controlling our personal data ecosystem is now rapidly taking form through the emergence of, potentially, the most profound technology disruption – the blockchain.
Born out of cryptocurrency design, the blockchain is a peer-to-peer system of trust that is intended to be inviolate. The blockchain is a series of distributed ledgers, each containing information from a particular party. A transaction involves one party giving another party access to their ledger via an encrypted key. An end-to-end transaction comes together as a series of ledger permissions – information doesn’t flow in and out of systems, but rather blockchain ledgers can make up a ‘virtual’ ledger pointing back to the source. Blockchains can operate in the public domain, or as private (member only) peer-to-peer networks. Theoretically, it is impossible to breach this system of trust as multiple parties would need to allow access for a violation to occur.
This means that the models of internally controlled systems, with data transferred from party to party along a transaction flow, will become redundant. Blockchain can be thought of as the next generation of digital operating system, redefining technology systems architecture at every level – infrastructure, networks, applications, data, interface, device, security, and identity.
Think about your experience buying a home – collating personal data, getting finance approval, signing sales contracts, engaging a conveyance lawyer, settling, and having the title transferred. It’s constipated with process repetition, data replications and siloed participants, and is risky in terms of your information flowing around (via emails, web forms and contact centres), landing in centralised systems you neither understand nor control, but which are data honeypots for hackers.
Blockchain means that all of this can occur with you storing your data once only (in your blockchain ledger), with end-to-end completion in a fraction of the time and cost. In July 2016, in the US, the first property ownership transfer occurred on a blockchain-powered real estate platform (Ubitquity) – a paperless process and effortless experience for all parties.
Across most industries and their supply chains, a significant number of functions can be ‘blockchained’, resulting in streamlining, the disintermediation of players, and ultimately, the redesign of organisations and economies.