When we think of online relationships, we usually think about our social media connections or dating and not all the organisations whose services we access online multiple times per day across many different devices.
Everyone has online access to their important services like banking and credit cards, utility services, government and health services, email accounts, online shopping, frequent flyer programs, cryptocurrency wallets and share trading platforms.
However, as the number of these different services grows, so does the risk of cyber-attacks and the potential for attackers to gain access to your personal data.
Customers are often asked by these organisations to be more careful when creating or sharing their login details and to be cautious about the links they click in emails that are supposedly from those companies. However, consumers are generally not risk-averse and expect the online service providers they deal with to keep their accounts and personal data secure, but sadly this is increasingly not the case.
Recent high-profile cybersecurity incidents that began with phishing attacks have demonstrated that personal identity documents, financial data and private information can be stolen and then published on the web for financial gain. Consumers are continually at risk of becoming victims of this type of incident and should therefore consider adopting the same approach to their personal cybersecurity as the one used across the business world: Zero Trust.
What does Zero Trust mean to a consumer?
At its core, Zero Trust means that a person should not trust any individual or thing until it has been adequately verified, and only then give it access to any personal data online. Zero Trust is designed to stop data breaches and keep sensitive information out of the hands of ‘malicious actors’ because it demands that every person and device pass stringent identity authentication before accessing any online resource or account.
In an age where our lives are increasingly intertwined with the digital realm, “Zero Trust” has emerged as a critical philosophy to protect our online identities and data. While it is a concept that has historically been adopted by businesses, Zero Trust is a cybersecurity paradigm that should be adopted by consumers as well given the focus on urging individuals not to place blind faith in any online relationships.
Zero Trust authentication has been designed to negate the shortcomings of traditional authentication methods, which most consumers trust to be good enough – but are they really?
The problems with traditional, legacy authentication methods
While the digital age has made our lives easier, it has also opened the door to cyber threats and data breaches. The majority of data breaches continue to stem from stolen credentials and those easy-to-remember passwords everyone has used before are easily compromised – leaving online accounts vulnerable to hacking and data breaches. A long and complex password generated by and stored in a password manager will no longer ensure the security of our online accounts and personal data.
While multi-factor authentication (MFA) remains one of the most essential and effective controls against account takeover, it is far from universally adopted. The recent State of Global Enterprise Authentication Survey revealed that 38 per cent of Australians and 31 per cent of New Zealanders are still using legacy mobile-based authentication methods such as SMS-based one-time passcodes (OTPs), and that push notifications remain common (30 per cent in Australia/26 per cent in New Zealand). Both methods rely on “shared secrets” that can be abused through malware, SIM swapping, and man-in-the-middle (MiTM) attacks.
Phishing-resistant MFA is the key to online security
An essential first step towards Zero Trust for a consumer is to move away from the highly insecure traditional username and password, and from the other legacy authentication methods that are vulnerable to compromise. Zero Trust principles encourage consumers to embrace more secure solutions, such as phishing-resistant MFA tools like hardware security keys (for example the YubiKey) and passkeys.
Security keys are hardware devices that protect your login information so that a login cannot be completed by anyone who does not physically hold the key, preventing cybercriminals from gaining unauthorised access. Consumers should adopt phishing-resistant MFA tools like security keys for all online accounts where they are available, to strengthen their online security posture. Unfortunately, not all online accounts offer this, so online service providers also have a responsibility to let their customers use these highly secure authentication methods to access their accounts.
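To make the difference between a relayed "shared secret" and a phishing-resistant credential concrete, here is an added toy model that is not from the article or any vendor. The site names, the HMAC stand-in for a real public-key signature, and the `ToySecurityKey` class are all constructed for illustration; it shows why a one-time code typed into a look-alike site can be relayed, while an assertion bound to the browser's real origin cannot.

```python
import hashlib
import hmac
import json
import secrets

# Constructed toy model, not the article's code: a real passkey or security key signs
# with an asymmetric key pair; here a per-site HMAC key stands in for that signature.
def otp_login(code_server_sent, code_received):
    """Legacy SMS/app OTP: the server only checks that the shared code matches."""
    return hmac.compare_digest(code_server_sent, code_received)

class ToySecurityKey:
    """Holds one credential per relying party (RP), bound to the site's ID at registration."""
    def __init__(self):
        self.creds = {}

    def register(self, rp_id):
        self.creds[rp_id] = secrets.token_bytes(32)
        return self.creds[rp_id]  # RP stores this to verify later (a public key in real FIDO2)

    def get_assertion(self, browser_origin, challenge):
        # The browser, not the user, derives the RP ID from the origin it is actually on.
        key = self.creds.get(browser_origin.removeprefix("https://"))
        if key is None:
            return None  # no credential for this site: nothing to give a look-alike domain
        client_data = json.dumps({"challenge": challenge, "origin": browser_origin}, sort_keys=True)
        sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
        return {"client_data": client_data, "sig": sig}

def rp_verify(expected_origin, stored_key, expected_challenge, assertion):
    """Relying party: reject a missing assertion, wrong challenge, wrong origin or bad signature."""
    if assertion is None:
        return False
    cd = json.loads(assertion["client_data"])
    if cd.get("challenge") != expected_challenge or cd.get("origin") != expected_origin:
        return False
    good = hmac.new(stored_key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(good, assertion["sig"])

def phishing_proxy_outcome():
    """Victim logs in on a look-alike site whose operator relays everything to the real site."""
    real, fake = "https://bank.example", "https://bank-login.example"
    otp_relayed = otp_login("482913", "482913")  # victim typed the code into the fake page
    key = ToySecurityKey()
    stored = key.register("bank.example")
    challenge = secrets.token_hex(16)  # issued by the real RP and relayed by the proxy
    assertion = key.get_assertion(fake, challenge)  # the victim's browser is on the fake origin
    passkey_relayed = rp_verify(real, stored, challenge, assertion)
    return otp_relayed, passkey_relayed  # (True, False)
```

The same origin check is what makes the legitimate login succeed only on the genuine site, and the fresh challenge is what stops a captured assertion from being replayed later.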
A call to action for online services
Consumers will eventually reach the point where they trust no one online, but they also need online service providers to start offering them safer options. This is therefore a call to action to the providers of online services: consumers expect better, and providers should be doing more to keep their online services safe and secure from predators.
A passwordless future is the ultimate goal, where the reliance on cumbersome passwords is eliminated altogether, making it exceptionally challenging for cybercriminals to breach our online worlds. This passwordless future promises a more secure and convenient online experience, as users will no longer need to remember many complex passwords.
Major tech companies like Google, Microsoft and Apple are actively driving the shift towards a passwordless future by integrating passwordless authentication options into their services.
By promoting and implementing these passwordless authentication methods, these tech giants play a crucial role in convincing users to reconsider their online relationships and embrace Zero Trust principles. Likewise, customers should encourage all service providers to do the same.