2022 was a bad year for technology stocks in general, driven by softening investor confidence in the bigger technology brands – but the future is still bright for the technology sector, and we can expect the cybersecurity category to grow further in 2023.
McKinsey’s 2022 review identifies a range of megatrends, some of which point specifically at cybersecurity. One is the continued migration to the cloud as more employees work remotely. Large businesses aspire to have 60% of their tech infrastructure in the cloud by 2025, according to the report – with this comes an increased risk of cyberattacks, as more business is done online.
The second is the increasing expectation from consumers that businesses will protect their data. 53% of customers overall actively check that a business has adequate policies in place, rising to 70% in markets such as Latin America.
This trend is even more pronounced in B2B (business-to-business), where 52% of customers say they’d go elsewhere if they felt the vendor is falling short on data protection.
According to the 2022 Verizon Data Breach Investigations Report, nearly 50% of all data breaches were caused by stolen credentials – a huge direct cost to businesses, as online fraudsters continue to cost businesses hundreds of millions of pounds every year.
It’s also a potentially huge indirect cost, given the reputational crisis for any business that prides itself on protecting its customers.
Shareable credentials such as passwords, or PIN codes sent by email or SMS, are a fundamental security weakness – they make it easy for threat actors to carry out the scalable, remote, attacks that they prefer.
This is the vulnerability behind many recent breaches of businesses such as Uber, Medibank, Ronin and Plex. Attacks like the one on Uber also represent future threats — the attackers gained access to employee emails, which is likely to lead to future phishing attacks and attempts to steal Uber employee credentials, with potentially very serious consequences.
Cybercrime won’t decline in 2023 by creating more complicated login processes or hiring bigger cybersecurity teams. Whenever shared credentials are involved, humans can be tricked into sharing them, and the threat actor can gain remote access.
To protect themselves, businesses need to replace the default of email, password, and SMS codes with secure login technology that doesn’t rely on shared information — such as on-device FIDO tokens, SIM-based authentication and cloud-based biometrics.
Moving away from shareable credentials to physical possession factor and biometric security prevents remote attacks and provides the long-term answer to these ongoing threats.
To find out how to implement next-gen authentication and deliver high security, low friction authentication experiences to your users, simply book your free 30-minute demo or visit the tru.ID website.
tru.ID helps banks and businesses to reduce the threat of cybercrime with a range of mobile identity and authentication solutions for customers and employees.
Silent authentication from tru.ID leverages the cryptographic security of the SIM card already present in every phone. This revolutionary approach delivers hardware-grade, possession-factor mobile security at scale, without impacting UX.
tru.ID is already live in 23 markets covering over 2bn digital identities.