February 22, 2019
February 20, 2019
Posted January 10, 2019
Spoiler alert: When it comes to digital identity and the fight against cybercrime, 2019 won’t be a walk in the park.
Not that 2018 was any picnic. Whether it was the Marriott breach, Atlanta’s SamSAM outbreak, Amazon merchant fraud, or the surge in bot attacks, SIM card swaps and social engineering scams, the past year delivered plenty of pain to go around.
Looking to the months ahead, it’s clear that the 1 billion new personal identity records stolen in 2018 will only add fuel to the fire. With cybercrime expected to top $2 trillion in global losses, the sheer volume and crushing efficacy of cyberattacks will hit a new level this year. Here’s a look at what to expect in 2019:
By the end of the year, mobile attack rates will surpass desktop rates for the first time. From fake or hijacked mobile apps, to phishing and smishing scams, to malware infiltrations and more, mobile will become the #1 channel for attacks for one simple reason. As consumers increasingly pivot to the mobile CX for a growing array of daily activities, fraudsters will follow suit.
With an 800% increase in suspicious identities added to the credit system since 2012, synthetic identities pose a serious threat in 2019, especially in North America. With resulting losses pegged at $8 billion and counting, look for organizations to increase investments in technologies that verify identity based on dynamic attributes that can’t be faked or synthesized.
The number of bot attacks detected within the ThreatMetrix Digital Identity Network spiked 160% in the first half of 2018. Whether it’s testing or exploiting stolen identity credentials these automated assaults will hit critical levels by mid-year 2019. Among the hardest-hit: eCommerce companies under pressure to deliver the fast, friction-free buying experience customers demand.
Credential stuffing bot attacks are especially pernicious. More than 30 billion attacks hit the financial services industry in 2018, with fraudsters hacking user accounts to harvest personal and financial information. As the technologies behind these bots grow more adept at mimicking human behavior, increases in high-profile breaches could eclipse the volume seen in 2018.
As artificial intelligence is leveraged by a growing number of businesses to defend against fraud, cybercriminal operations are doing the same. Look for tech-savvy rackets to use AI and machine learning technologies to launch fuzzing, self-learning bots designed to discover and exploit zero-day vulnerabilities in real time, as well as malicious chatbots for use in social engineering ploys.
News and social media platforms will face pressure to protect against fraud as emerging “deepfake” technologies proliferate. These AI-based tools make it possible to craft audio-visual content of anyone appearing to say or do anything, in their own voice and likeness. The WSJ is training journalists to detect deepfakes. But fresh concerns over “fake news” are likely in 2019.
In 2019, cybercriminals will use “deepfake” tech to make Alexa or other digital voice assistant accomplices in account takeover (ATO) attacks and call-center scams. Voice fraud is already up 350% since 2013. This new generation of audio/video tech could be used to fool human call center operators or voice-based biometrics systems, granting thieves access to user accounts.
Concerns over cloud security will grow as organizations discover platform-native security controls may not address the full spectrum of risks they face. Already, Office 365-based systems rank among the hardest hit by fraudsters, with average losses topping $2 million. In 2019, a high-profile attack will prompt firms to integrate modern authentication solutions into their cloud-based infrastructure.
In 2019, fraud prevention strategies will increasingly center on data sharing within industry-specific consortiums. By leveraging real-time data from trusted sources within the same sector, organizations gain a more accurate view of user identity and risk. For the travel industry, financial services and manufacturing, consortiums may make or break fraud prevention efforts this year.
As the sophistication of cyberattacks continue to evolve, so too must the tools in place to defend against them. In 2019, the complexities involved with integrating new technologies with existing IT investments will accelerate the trend toward tech stack simplification. Prioritization on end-to-end fraud prevention will spark increased vendor acquisition and consolidation within the space.
This is the year password-based, single-factor authentication will become a thing of the past. Thanks to an endless stream of data breaches, reliance on weak or compromised login credentials accounts for 81% of data breaches. Look for further shifts toward biometrics, behavioral analytics, device recognition and other signals that cannot be faked or stolen.
GDPR and other new regulations require organizations to report breaches in as little as 72 hours to avoid steep fines. As a result, the spike in downstream fraud attacks that result from stolen identity credentials will more easily be correlated to specific breaches. Organizations will find it harder to downplay damage by claiming credentials have not been seen in the wild.
“Dark Overlord” was just the beginning. In 2019, look for cybercriminals to increasingly breach corporate data and then turn around and extort the company, threatening to reveal the breach if the company doesn’t pay up. Many organizations may be willing to pay the price in exchange for the breach never being reported.
The trend toward behavioral biometrics and analysis for continuous user authentication will pick up steam in 2019 as organizations discover passive risk assessment during onboarding, to login, to account management delivers more accurate insights for identifying high-risk behaviors. For some, this will help detect and disrupt advanced bot attacks designed to mimic human behavior.
Emerging digital business strategies once called for the creation of the Chief Digital Officer. In 2019, the drive for secure global growth through an expanding array of digital channels will see the emergence of the Chief Identity Officer. Spanning digital, privacy, compliance and security domains, this c-level role will first mark category leaders with dominant digital growth potential.