In conversation with Digital Journal, Phil Dunkelberger, CEO of Nok Nok and former CEO of PGP Corporation, and Rolf Lindemann, VP of Product at Nok Nok and Co-Chair of the UAF Technical Working Group for the FIDO Alliance, have reflected on the challenges brought about by this year’s uncertainty to shape some expectations for the New Year.
Contactless QR code hacks will experience a big surge
According to Phil Dunkelberger: “From mobile check-ins at hospitality venues to digital menus at your favorite restaurants, QR codes have quickly taken off as the world shifted to contactless with the arrival of COVID-19. While the QR codes bring health benefits and consumer convenience, taking a closer look between the lines – or squares – unveils hidden security concerns.”
He adds: “When users conduct digital check-ins, they often enter personal information like their name, birthdate and even an occasional health snapshot. As the frenzy surrounding QR codes continues into 2021, threat actors will increasingly use the technology to get their hands on sensitive data. Building QR codes that direct consumers to dangerous websites allows these adversaries to force-download malicious software, steal information and even activate cameras or send spam emails.”
No vein, no gain: Vein recognition will take center stage in the fight against fraud
Looking into this aspect is Rolf Lindemann, who states: “Throughout recent years, biometric technology has played an increasingly significant role in modern society. From unlocking phones to accessing airport checkpoints, the technology has brought a wealth of convenience as users don’t have to keep track of numbers, codes, passwords or physical IDs. However, vulnerabilities such as Face Unlock on Jelly Bean and the 10-year-old son unlocking his mother’s mobile phone have also created concern with how some organizations approach the technology.”
Lindemann expands on these points: “In 2021, vein recognition will cement its position as one of the hottest ways to combat the security challenges associated with existing facial recognition technologies. From presentation attacks to large scalable attacks and even targeted physical ones like phone theft, vein recognition’s use of infrared-light detectable veins will show that the answer to some of today’s most pressing problems lies within your veins — whether the modality be palm recognition, finger vein recognition, etc.”
Risk signals are out. Assurance signals are in
Dunkelberger explains this issue, commenting: “Risk signals are going to take the backseat as organizations realize that assurance signals bring more value in the current working environment. Remote work is here to stay, which means former physical perimeters have been disrupted. And with the threat landscape more active than ever before, more specific assurance signals of who is in and out of our networks will become essential in 2021. As organizations place a stronger emphasis on these assurance signals, they will also be forced to consider all of the parties active within their network. It’s no longer just customers or employees, but partners, third parties acting as these people and more. Knowing exactly who is there will become one of the most important pieces of organizations’ security postures in the new year.”
Remote work will be polished by cleaning up rushed security and adding strong UX
Dunkelberger looks at the current levels of disruption from the coronavirus: “COVID-19 has shined a spotlight on the culture of breach in 2020. Even though organizations were able to scramble and survive the rapid shift to remote work, as a whole, they were not prepared for the amount of phishing and ransomware attacks that came with it.”
As to what next year has in store, Dunkelberger explains: “In 2021, overall security posture will be re-assessed through a new perspective now that the frail nature of so many systems has been revealed. As organizations evaluate their 2021 budgets, they will be forced to allocate company dollars towards the weak areas that COVID exposed in 2020. In order to prevent further damage as the remote work trend continues, these organizations will need to place a serious focus on embedded security in order to address threats from an infrastructure level.”
Dunkelberger concludes: “Furthermore, as organizations make these adjustments, they will need to remain hypervigilant on striking a balance between strong user experience and robust security protocols. While gaps and hiccups have slipped through in 2020 due to the rapid transformation, organizations will need to polish their processes in 2021 to ensure users are both satisfied and protected.”