Connect with us

Politics

How Remote Work is Driving the Adoption of More Secure Authentication Methods – ReadWrite

Published

on

How Remote Work is Driving the Adoption of More Secure Authentication Methods - ReadWrite


As the remote work wave advances, companies have had to grapple with new cybersecurity challenges, one of which is authentication. Employees’ reliance on traditional means of authentication like passwords and shared secrets has been a burden to companies due to how easy they are to hack and intercept. Here is how remote work is driving the adoption of more secure authentication methods.

Password-based authentication does not verify identity but only the knowledge of login credentials, hence, they are more trouble when employees work from home.

The consequences of a cyberattack from a leaked, stolen, or shared password could be disastrous; a hacker could launch a highly sophisticated attack on you or your business, causing serious short and long-term damages. This could lead to serious financial and legal implications and, in a worst-case scenario, a malicious attack could even sabotage your business and its operations to an extent that it may never be able to recover. –Misan Etchie

Legacy Authentication Challenges

The root of the problem is this: passwords were not originally designed to prove identity. The first computer password was invented in order to assign time to MIT researchers for using a mainframe computer: the Compatible Time-Sharing System (CTSS).

Passwords were not designed to secure large user populations comprised of people unknown to the service provider; so, it’s no surprise that passwords’ shortcomings lead to the majority of data breaches.

Number One Cause of Data Breaches

According to reports by IT Governance, poor password behavior is the number one cause of data breaches. Passwords are just too difficult to manage and bad password habits are rational because of how difficult it is to store multiple complex passwords. Despite this, passwords are dominant in the average person’s personal and work life.

Revelations like this underlie the advocacy for passwordless authentication systems. Being so used to passwords, on the surface, it seems there is no way to guarantee better security without passwords. Knowledge-based authentication models are vulnerable to theft and leaks.

The spate of data breaches underscores the problem with knowledge-based authentication models.

For instance, many celebrity accounts were breached last year after hackers launched (aljazeeradotcom), a series of spear-phishing attacks against employees. That’s enough to conclude that passwords are not proof of identity.

The Rise of Remote Hackers

One of the challenges of distributed workspaces, as it pertains to cybersecurity, is identity assurance. Mind you, a username and a password cannot verify anyone’s identity, but only a user’s knowledge. This is especially disastrous when 75% of employees don’t bother with privacy measures when working remotely in a public place making them more vulnerable to cyberattacks.

The Remote Phishers

According to a piece published by The Business Journal, remote work has unlocked the door for cyberattacks such as phishing scams, ransomware, and other risks and breaches. Hackers are aware that due to employees’ inability to work in shared spaces, they will be connecting to their companies’ servers and other resources in a very different way.

At the very least, they are doing it in a setting with no peer or official oversight.

The combination of poor security protocols and complacent workers working from home makes employees far more vulnerable to cyberattacks. Now that we have an extremely unsafe and volatile environment in terms of cybersecurity, hackers are already exploiting the opportunity to attack unprepared businesses.

How many hacks can you prevent a day?

There are more than 2,600 detected threats a day according to Check Point Research, and 90% of IT professionals who claim to have witnessed some sort of phishing attack on their organization since remote work has become more common.

Adaptation to what is — is part of critical thinking. Adapting to present circumstances is survival.

This moment — is a critical moment in history in which leaders need to quickly adapt to the present circumstances. We have never before had such an unsafe environment to protect, so it is unsurprising that hackers are taking advantage of the global pandemic.

It is crucial for enterprises and companies to act now, by protecting themselves and their employees from any potential cyberattacks.

Continuous Authentication

The problem with legacy authentication models is that even legitimate login sessions can be hijacked without any suspicion. One-time access gives hackers room to launch subtle attacks.

Continuous authentication solves this problem by using contextual information to perform identity verification. If traditional authentication models can be described as active, then continuous authentication is passive.

The how-to of continuous authentication

The continuous authentication system works in the background, analyzing information such as metadata, location, and login behavior (behavioral biometrics) to ensure that the integrity of any access session is maintained. The authentication scrutinizes user activities to verify that they are consistent with the user’s established behavior pattern as well as the company’s cybersecurity and risk policy.

For instance, a continuous authentication system may automatically log a user out if they connect to a different network that may be deemed unsafe. At a time when employees work outside the four walls of the office, continuous authentication (sometimes paired with machine learning systems) fills the trust gap created by remote working.

In addition, continuous authentication improves cyber defense, especially in threat assessment and incident detection. By keeping records of user login activities, analysts have data to work with to trace the source of a threat or an attack.

Biometrics

Knowledge-based authentication models don’t verify identity. Only inherence-based systems (such as biometrics) are tied directly to a user’s identity. Biometric data (fingerprint, voice, face, retina, iris, etc.) are non-transferable. There is little to fear in terms of stolen or breached credentials, especially when biometric authentication employs liveness detection such as the requirement to speak, read a phrase, smile, nod, or blink.

Who has your fingerprint?

There is a one in 64 billion chance that someone possesses another person’s fingerprints. With the global population at around 7.5 billion, a large segment of whom are not users, hacking into a biometrics system becomes practically impossible. The benefits of using biometric authentication methods are many, mainly due to how convenient they are and how they rid employees of having to carry around tokens and hardware keys or having to remember complex passwords.

Recently, smartphones have defaulted to biometric identification (fingerprints, face ID, etc.), and laptops and other workstations already are following suit. Thus, implementing biometric authentication for a business’ employees is no longer as expensive as it was.

People can log in uniquely to apps on their phones and computers via fingerprints and face recognition, the way they are doing on commonplace mobile devices most people own. Technologies such as Windows Hello, LastPass, and IBM Security Verify help enterprises to conveniently implement risk-aware identity verification.

Other Passwordless Authentication Concerns

Even if an organization is not ready to do away with passwords entirely, it only makes sense to not rely on passwords alone.

Not relying on passwords alone is where multi-factor authentication (MFA) comes in, creating additional layers of identity verification to strengthen security by authenticating users on more than one criterion what you know, what you have, and who you are.

According to a Microsoft security report, MFA lowers the odds of compromise by 99.9%. Whereas, it is possible to eliminate passwords in MFA completely, such as when combining biometric verification with tokens.

One-time computer-generated cryptographic keys do a better job at securing users than passwords do. Indeed, hardware tokens have been in use for almost two decades now. However, they are expensive and difficult to implement and maintain. Then come software tokens. Although most are used as a second-factor authentication option, they may even replace passwords entirely.

Conclusion

The past year has seen massive disruptions to how companies do business, how employees work, as well as how organizations protect themselves from cyberattacks. In light of more secure authentication methods that have emerged, passwords represent the weakest authentication links and should not be used without a passwordless second-factor.

Hackers will always try to attack your employees: the weakest link in your security infrastructure. Hence, it is crucial for employers and enterprises to sensitize their employees to keep good password behavior.

It is becoming clearer that passwords are more of a burden than they are a security tool. Going forward, one can anticipate the complete elimination of passwords in user authentication and their replacement with more secure, more convenient authentication methods.

With the rise of remote hackers taking advantage of the current global situation, we will see more secure authentication methods spike in usage as more companies start to take their security into consideration.

Image Credit: sora shimaza; pexels

Joseph Chukwube

Entrepreneur, Digital Marketer, Blogger

Digital Marketer and PR Specialist, Joseph Chukwube is the Founder of Digitage, a digital marketing agency for Startups, Growth Companies and SMEs. He discusses Cybersecurity, E-commerce and Lifestyle and he’s a published writer on TripWire, Business 2 Community, Infosecurity Magazine, Techopedia, Search Engine Watch and more. To say hey or discuss a project, proposal or idea, reach him via joseph@digitage.net

Politics

Fintech Kennek raises $12.5M seed round to digitize lending

Published

on

Google eyed for $2 billion Anthropic deal after major Amazon play


London-based fintech startup Kennek has raised $12.5 million in seed funding to expand its lending operating system.

According to an Oct. 10 tech.eu report, the round was led by HV Capital and included participation from Dutch Founders Fund, AlbionVC, FFVC, Plug & Play Ventures, and Syndicate One. Kennek offers software-as-a-service tools to help non-bank lenders streamline their operations using open banking, open finance, and payments.

The platform aims to automate time-consuming manual tasks and consolidate fragmented data to simplify lending. Xavier De Pauw, founder of Kennek said:

“Until kennek, lenders had to devote countless hours to menial operational tasks and deal with jumbled and hard-coded data – which makes every other part of lending a headache. As former lenders ourselves, we lived and breathed these frustrations, and built kennek to make them a thing of the past.”

The company said the latest funding round was oversubscribed and closed quickly despite the challenging fundraising environment. The new capital will be used to expand Kennek’s engineering team and strengthen its market position in the UK while exploring expansion into other European markets. Barbod Namini, Partner at lead investor HV Capital, commented on the investment:

“Kennek has developed an ambitious and genuinely unique proposition which we think can be the foundation of the entire alternative lending space. […] It is a complicated market and a solution that brings together all information and stakeholders onto a single platform is highly compelling for both lenders & the ecosystem as a whole.”

The fintech lending space has grown rapidly in recent years, but many lenders still rely on legacy systems and manual processes that limit efficiency and scalability. Kennek aims to leverage open banking and data integration to provide lenders with a more streamlined, automated lending experience.

The seed funding will allow the London-based startup to continue developing its platform and expanding its team to meet demand from non-bank lenders looking to digitize operations. Kennek’s focus on the UK and Europe also comes amid rising adoption of open banking and open finance in the regions.

Featured Image Credit: Photo from Kennek.io; Thank you!

Radek Zielinski

Radek Zielinski is an experienced technology and financial journalist with a passion for cybersecurity and futurology.

Continue Reading

Politics

Fortune 500’s race for generative AI breakthroughs

Published

on

Deanna Ritchie


As excitement around generative AI grows, Fortune 500 companies, including Goldman Sachs, are carefully examining the possible applications of this technology. A recent survey of U.S. executives indicated that 60% believe generative AI will substantially impact their businesses in the long term. However, they anticipate a one to two-year timeframe before implementing their initial solutions. This optimism stems from the potential of generative AI to revolutionize various aspects of businesses, from enhancing customer experiences to optimizing internal processes. In the short term, companies will likely focus on pilot projects and experimentation, gradually integrating generative AI into their operations as they witness its positive influence on efficiency and profitability.

Goldman Sachs’ Cautious Approach to Implementing Generative AI

In a recent interview, Goldman Sachs CIO Marco Argenti revealed that the firm has not yet implemented any generative AI use cases. Instead, the company focuses on experimentation and setting high standards before adopting the technology. Argenti recognized the desire for outcomes in areas like developer and operational efficiency but emphasized ensuring precision before putting experimental AI use cases into production.

According to Argenti, striking the right balance between driving innovation and maintaining accuracy is crucial for successfully integrating generative AI within the firm. Goldman Sachs intends to continue exploring this emerging technology’s potential benefits and applications while diligently assessing risks to ensure it meets the company’s stringent quality standards.

One possible application for Goldman Sachs is in software development, where the company has observed a 20-40% productivity increase during its trials. The goal is for 1,000 developers to utilize generative AI tools by year’s end. However, Argenti emphasized that a well-defined expectation of return on investment is necessary before fully integrating generative AI into production.

To achieve this, the company plans to implement a systematic and strategic approach to adopting generative AI, ensuring that it complements and enhances the skills of its developers. Additionally, Goldman Sachs intends to evaluate the long-term impact of generative AI on their software development processes and the overall quality of the applications being developed.

Goldman Sachs’ approach to AI implementation goes beyond merely executing models. The firm has created a platform encompassing technical, legal, and compliance assessments to filter out improper content and keep track of all interactions. This comprehensive system ensures seamless integration of artificial intelligence in operations while adhering to regulatory standards and maintaining client confidentiality. Moreover, the platform continuously improves and adapts its algorithms, allowing Goldman Sachs to stay at the forefront of technology and offer its clients the most efficient and secure services.

Featured Image Credit: Photo by Google DeepMind; Pexels; Thank you!

Deanna Ritchie

Managing Editor at ReadWrite

Deanna is the Managing Editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind and has over 20+ years of experience in content management and content development.

Continue Reading

Politics

UK seizes web3 opportunity simplifying crypto regulations

Published

on

Deanna Ritchie


As Web3 companies increasingly consider leaving the United States due to regulatory ambiguity, the United Kingdom must simplify its cryptocurrency regulations to attract these businesses. The conservative think tank Policy Exchange recently released a report detailing ten suggestions for improving Web3 regulation in the country. Among the recommendations are reducing liability for token holders in decentralized autonomous organizations (DAOs) and encouraging the Financial Conduct Authority (FCA) to adopt alternative Know Your Customer (KYC) methodologies, such as digital identities and blockchain analytics tools. These suggestions aim to position the UK as a hub for Web3 innovation and attract blockchain-based businesses looking for a more conducive regulatory environment.

Streamlining Cryptocurrency Regulations for Innovation

To make it easier for emerging Web3 companies to navigate existing legal frameworks and contribute to the UK’s digital economy growth, the government must streamline cryptocurrency regulations and adopt forward-looking approaches. By making the regulatory landscape clear and straightforward, the UK can create an environment that fosters innovation, growth, and competitiveness in the global fintech industry.

The Policy Exchange report also recommends not weakening self-hosted wallets or treating proof-of-stake (PoS) services as financial services. This approach aims to protect the fundamental principles of decentralization and user autonomy while strongly emphasizing security and regulatory compliance. By doing so, the UK can nurture an environment that encourages innovation and the continued growth of blockchain technology.

Despite recent strict measures by UK authorities, such as His Majesty’s Treasury and the FCA, toward the digital assets sector, the proposed changes in the Policy Exchange report strive to make the UK a more attractive location for Web3 enterprises. By adopting these suggestions, the UK can demonstrate its commitment to fostering innovation in the rapidly evolving blockchain and cryptocurrency industries while ensuring a robust and transparent regulatory environment.

The ongoing uncertainty surrounding cryptocurrency regulations in various countries has prompted Web3 companies to explore alternative jurisdictions with more precise legal frameworks. As the United States grapples with regulatory ambiguity, the United Kingdom can position itself as a hub for Web3 innovation by simplifying and streamlining its cryptocurrency regulations.

Featured Image Credit: Photo by Jonathan Borba; Pexels; Thank you!

Deanna Ritchie

Managing Editor at ReadWrite

Deanna is the Managing Editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind and has over 20+ years of experience in content management and content development.

Continue Reading

Copyright © 2021 Seminole Press.