Andrew Shikiar, Executive Director/CMO, FIDO Alliance, on cybersecurity over the coming year.
1. AI will drive cyber attacks – but not how people expect
“Deepfake technology and AI-powered malware will continue to evolve but account for relatively few data breaches in 2024. Businesses and individuals already fall victim to social engineering and phishing en masse – techniques that have now been supercharged in effectiveness and scale by AI. Social engineering is already the cause of the majority of attacks, and now any fraudster, anywhere in the world, can generate word-perfect phishing attacks that are near-impossible to detect – at a fraction of the effort of creating a deepfake.
“This will be the biggest AI-driven security threat of the year. In fact, our recent study found that over half the population (54%) have already seen an increase in suspicious messages and scams, while 52% believe they have become more sophisticated. As this problem grows, businesses and service providers will look to non-phishable solutions to better protect themselves and their employees, and secure one of the biggest weak links in any organization’s cyber defenses.
“This will create a race between IDv providers to show they can beat these types of attacks. Service providers are going to be far more diligent in selecting advanced doc auth and liveness detection, and the bar will rise significantly. Those with the best approaches and, crucially, those that can prove they have the best approaches will rise to the top.”
2. Passkeys march toward 20 billion enabled accounts
“With major brands and platforms like Amazon, Apple, Google, Microsoft and TikTok supporting and even mandating the use of passkeys in some cases, there are already around 8 billion passkey-enabled accounts today. 2024 will be a key year in shifting from a new technology to mass adoption, ultimately hitting 20 billion passkey-enabled accounts by the end of the year. More businesses will make passkeys their default authentication method, with service providers following suit to benefit from a better user experience and reduced cart abandonment.
“There are 5.3 billion internet users worldwide, each with many accounts they use daily, monthly or even yearly, so there is still a long way to go. But a significant and growing number of people will benefit from speedier login and checkout processes as enabled by passkeys, which will raise their expectations across all their online accounts.”
3. The end of one-size-fits-all cybersecurity
“Enterprises will be under pressure to review and refine their cybersecurity strategies in response to the scale and sophistication of AI-driven social engineering, plus a general movement towards greater cyber-transparency. Approaches and practices that used to be relied upon will no longer pass muster. Take company-wide training to identify phishing attacks, for example. How can employees be reasonably expected to identify and report phishing emails when they are increasing in both frequency and effectiveness? This, and other methods, will no longer be an acceptable cornerstone of a modern cybersecurity strategy.
“Similarly, passwords and other shareable credentials will be an increasingly visible source of vulnerability – and as such we’ll continue to see enterprises look to decrease and ultimately eliminate their dependence on knowledge-based forms of authentication. Many organizations will embrace the security and ease-of-use of passkeys as a replacement not just for passwords, but for legacy forms of 2FA – either as synced passkeys that are typically managed by an OS or independent credential provider and provide a familiar consumer experience, or as device-bound passkeys that are typically housed in a FIDO security key and can help address higher-assurance use cases.”