IT Brief Australia - Technology news for CIOs & IT decision-makers
More data breaches on the cards through continued cybersecurity negligence
Tue, 22nd Nov 2022

Continued cybersecurity negligence will see more data breaches in 2023, according to cybersecurity and biometrics firm Daltrey.

Daltrey put the call out to their team of biometric and security experts for their predictions for 2023, based on what they are observing at the coalface working to keep their clients secure. 

Amongst the key trends, Blair Crawford, founder and CEO of Daltrey, warns that through continuing cybersecurity negligence, we may see more data breaches in 2023. 

"We tip it will be due to the human factor and related to passwords, as an Australian business will have failed to remove weak credentials for their digital assets," he says.

He also predicts that biometrics will increase in adoption at the consumer level and for cyber defence.

"Sadly we don't think we have seen the last of the cybersecurity breaches," says Crawford. 

"The most significant breach in 2022 was Medibank with millions of customer records, including highly sensitive PII stolen. The cost of remediation is expected to exceed $25 million with the impact on affected customers likely to last many more months, or even years."

Crawford says the worst may be yet to come.

"A storm is brewing, and all Australian businesses need to heed the warnings that the last quarter of 2022 has shown and act now to close vulnerabilities."

Crawford says cybersecurity threats will continue to increase in 2023, and there will be a significant shift to threats upon SMEs and small businesses, not just enterprises. 

"The new Australian Government will continue to shape laws to ensure organisations are taking the appropriate steps to help keep their customers and employees safe," he says. 

"Cybersecurity will become the new mining industry by way of its significant growth and contribution to GDP over the next four years." 

According to Crawford, biometrics will increase in adoption throughout 2023 at the consumer level, with companies like PayPal, and the banking sector seeking to rapidly deploy the technology to secure customer information. 

According to leading economists, the global biometric technology market size is projected to reach USD $11.49B by 2026.

"Biometrics will increase in adoption for cyber defence in 2023 and the critical national infrastructure sector will lead Australia's biometric enabled convergence adoption," he says.

"Biometrics will come under greater regulation and legislation in 2023, both in Australia and globally, and we will start to see the industry move beyond the wild west."

For consumers, Crawford says it is important to clearly articulate in terms and language appropriate for the audience how biometrics will be used, linking this to the problem being addressed, and how their data is being used and protected.

"It will be important to delineate between the applications of technology," he says. 

"For example, law enforcement using biometrics to identify people who've been confirmed as a threat to public safety versus biometrics for general mass identification without consent.

"Businesses need to adopt and work with partners who are transparent and ensure any biometrics program is initiated on a consent basis when the scope and context is clearly communicated to the user for them to opt in," Crawford says.

"This will be a significant maturity step forward in 2023 for biometric technology and there will be clear understanding of the concepts of consent, scope, and control for each use case when it comes to privacy and security."

Crawford says there is still a lot of education to be conducted when it comes to the use of biometrics. 

"Not every biometric solution is the same and providers must prove themselves on the ethical use of biometrics," he says.

"Once the market becomes less risk averse to biometrics, it will play a significant role in MFA and identity. It's the next evolution of verifiable authentication."

Daltrey predicts that at least 50% of large Australian enterprises will remove or begin the process to remove passwords, and adopt impersonation-resistant authentication controls in early 2023.

The report says MFA fatigue will only increase in 2023, with providers adding extra steps to their current MFA products in an attempt to address it. This is likely to increase friction in an already unfriendly user experience. CISO and IT teams will be closely examining alternatives to provide better trade-offs between security and user experience.

According to Daltrey, verifiable credentials are gaining momentum and the concept is slowly translating outside decentralised identity management.

"It will become the basis of strong authentication which starts with identity proofing – there is no point authenticating if you don't know who you are authenticating," Crawford says.

"In line with cyber hacks which have occurred across the globe in 2022, this will be a strong focus for 2023. Even the FIDO Alliance is working on defining standards for identity proofing as they acknowledge this is a significant gap in their value proposition."

Crawford says digital identity will be the number one priority for organisations of any size in 2023. 

"With the rise of stolen data, it's becoming more prevalent to see stolen identities," he says.

"Internal espionage will be a significant risk as well, and therefore robust Digital IDs will be imperative."