How to avoid being the next data breach headline: Strategies that governments and corporates have adopted

Wednesday 27 November, 2:20 pm - 3:00 pm

Speakers

David Brykman

CEO
Bryk Group

Synopsis

OPENING FOCUS - KEY WARNING SIGNS

  • 86% of breaches involve the use of stolen credentials (2023 Verizon Data Breach Investigations Report)
  • 34% of reports to the Australian Cyber Security Centre in 2022 involved Government agencies (the largest target group of cybercrime)
  • Australia ranked fifth in identity theft according to Statista research conducted in 2023, with 850,000+ incidents reported. Research shows that once a nation breaks the threshold of millions of incidents, the number of incidents is likely to rise exponentially.
  • The Ravelin Global Fraud Trends & Payments Survey reported that Australian fraud teams expect a 30% increase in fraudulent activity over the next 12 months.

KEY INSIGHTS - WHAT ARE THE CRITICAL FOCUS AREAS

  • Cybersecurity is really about Identity Security
  • Credential & Authenticator Transferability (knowingly or unknowingly, as a result of phishing/social engineering attacks) invalidates their use and breaches security
  • Multi-factor authentication (MFA) has been the primary protection for credentials, but it is vulnerable.
  • In-device biometric sensors don’t prove user identity
  • Validating data/devices does not verify/authenticate users (e.g. Who is holding the phone).
  • Biometrics are the ONLY Trust Factor derived from a physical human
  • There should be “zero trust” in “transferable” authentication credentials. We need to change from a mindset of “Authentication” to one of “Identity Verification & Re-Verification” on every access.
  • Expertise and independent testing capabilities are difficult to source

KEY RECOMMENDATIONS:

1. Implement Continuous Threat Exposure Management

2. Focus on Biometric Identity

  • Remote identity verification is required
  • Identity “binding” is critical to strong Identity Security
  • Deepfakes fool human gatekeepers. Face re-verification is now essential
  • Fully-automated liveness & identity re-verification is needed to defend against the coming infinitely scalable GenAI-deepfake attacks
  • 3D liveness-proven face verification and re-verification solves identity security problems
  • Solutions can be enhanced via “anti-fraud filters”
  • Organisations are still apprehensive about embracing biometrics and require more specialist advice, support and ongoing assurance, in order to be trusted.
  • Beware of solutions that cannot deliver, e.g. 2D liveness and matching

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
