Remember meForgot password?
    Log in with Twitter

article imageQ&A: Why cybersecurity needs to be part of digital transformation Special

By Tim Sandle     Sep 1, 2018 in Business
To advance with digital transformation, a robust approach cybersecurity is needed. This goes hand-in-hand with company strategy as more firms go down the DX path. Jumio Head of Global Marketing Dean Nicolls provides some insights.
Companies going digital or expanding their digital services need to build in strong security measures, especially if they wish to keep customer satisfaction and customer loyalty levels high. One approach is with knowledge-based authentication. This is an authentication process whereby the user is asked to answer at least one “secret” question. However, due to several high-profile data breaches, this system is weak and open to cyberattack.
The company Jumio provides a more secure alternative to knowledge-based authentication. This by requiring the user to validate their identity with valid credentials that are compared with a selfie in real-time.
To understand more about the cyber-risks associated with digital transformation, Digital Journal spoke with Jumio Head of Global Marketing Dean Nicolls.
Digital Journal: How important is digital transformation becoming for businesses?
Dean Nicolls: For startups and digital (challenger) banks, digital transformation is embedded within their DNA. 95 percent of start-ups have digital business plans compared to 87 percent of traditional enterprises founded at least 50 years ago. Moreover, 55 percent of startups have already adopted a digital business strategy, compared to 38 percent of traditional enterprises and 62 percent say delivering an excellent customer experience as measured by customer satisfaction scores defines success as a digital-first business.
At Jumio, we have long served digital-first organizations and they have been early adopters of our identity verification solutions. Traditional banks, for example, are starting to lose share to these digital competitors and as a result, are expediting their digital transformation initiatives and trying to become more mobile and customer friendly.
DJ: Is digital transformation right for all types of businesses?
Nicolls: While I used the example of banks above, we're seeing these type of digital transformation initiatives across most sectors. It seems particularly acute in banking, financial services, healthcare and telecommunications. I think where you see the established players being seriously challenged by new mobile/customer centric competitors you're seeing more of a push.
The other driver of adoption has been the increase in online fraud and number of threat vectors. As more established companies become victims of data breaches, traditional methods of user verification (e.g., username/password, knowledge-based authentication and even two-factor authentication) have proven to be insecure and unreliable.
This is driving many of these organizations to explore more modern, biometric-based approaches to online identity verification -- and explore solutions that do a better job of detecting and thwarting fraud as well as preserve a simple, intuitive user experience -- and looking to digital experts like AirBnB, Coinbase and Monzo to take their cues.
DJ: What are the associated risks with cybersecurity?
Nicolls: With any technology there are risks. But when it comes to identity verification, cyber criminals often have the upper hand because of large scale data breaches (for example Equifax). The information from these breaches is often sold on the Dark Web where your information can be bought and sold.
According to Experian, scammers can buy information from valid driver's licenses for $20 and passports for $1,000. But, the answers for the knowledge-based questions (KBA) are also discoverable on the Dark Web, which means that fraudsters can easily get around traditional forms of identity verification. And thanks to man-in-the-middle and man-in-the-browser attacks, two-factor authentication (2FA) has become vulnerable and is no longer endorsed by NIST (the National Institute of Standards & Technology).
So, businesses of all stripes that are onboarding new customers must take stronger methods to more reliably and securely verify online users -- but at the same time not introduce too much friction that conversion rates suffer. It's a delicate balancing act.
DJ: Are cyber-attacks increasing?
Nicolls: Unfortunately, yes. The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well. 31 percent of organizations have experienced cyber-attacks on operational technology infrastructure. There are around 24,000 malicious mobile apps blocked every day, and in 2018, we're seeing a big increase in fileless attacks that leverage trusted Windows executables to invade systems and breach corporate networks. In 2017, the average number of breached records by country was 24,089. The nation with the most breaches annually was India with over 33,000 files; the US had 28,500.
DJ: Can you provide some examples?
Nicolls: In addition to these type of malicious and ransomware attacks, we've seen the rise in different types fraud schemes, including synthetic fraud, account takeover (aided by data breaches and the Dark Web), identity theft, and spoofing and phishing attacks. Also there's social engineering and counterfeit websites.
Collectively, these types of attacks mean knowing that someone is who they claim to be is increasingly difficult and why modern approaches to online identity verification are becoming a business necessity -- not only as a fraud prevention measure, but to meet increasingly stringent regulatory requirements, protect the organization's own ecosystem, and ensure a positive initial experience of new customers.
DJ: As a solution for business, what is ‘identity-as-a-service’?
Nicolls: There are a few different definitions to Identity as a Service is cloud-based verification/authentication operated by a third-party provider. In some cases, "identity" is used in terms of identity & access management. This often includes database of users, passwords, groups and specific services that allow users to login, maintain their accounts, reset their passwords etc., and a manager to manage them. Increasingly, the days of walking into a branch office, flashing a driver's license, birth certificate, or utility bill (proof of address) are gone. More and more new accounts are being created online and modern organizations need a way to reliably prove that someone is who they claim to be online.
When Jumio talks about Identity-as-a-Service we're talking about something different. Jumio’s Trusted Identity-as-a-Service combines machine learning, AI, computer vision and identity experts to provide the highest level of accuracy and fraud detection without falsely rejecting potential customers that are so critical for expanding businesses.
In a follow-up interview, Dean Nicolls outlines the Jumio Identity-as-a-Service platform solution in detail. See: "Q&A: Digital identity verification for customer onboarding."
More about Cybersecurity, digital transformation, DX, Cyberattack
More news from
Latest News
Top News