Why digital identity is the ultimate battleground in cybersecurity
We’ve been living with widely available generative AI tools for almost two years now, so the time is right to ask the question: what effect does this have on the public’s understanding of their own digital identity, and how secure their identity is online? Unfortunately, the answer shows that there is still much more work to be done to improve our security online in the age of AI. Recent research commissioned by Okta shows that a whopping 93% of consumers across Europe are concerned about digital identity theft, and that more than half (54%) of consumers have become more aware of their digital identity in the past year. footprint. This increased vigilance is driven by the increase in cyber attacks and the rise of AI, which both pose new challenges and increase existing vulnerabilities in the online environment.
As the gateway to every experience in a digital-first world, focusing on digital identity must be a priority. It serves as the fundamental layer of security and access control. With 80% of cyber attacks stemming from the misuse of credentials, identity-based attacks have become a top method for malicious actors, exploiting weaknesses in authentication processes. In response, business leaders must quickly adopt rigorous security strategies and foster a security-conscious work culture, especially in the age of AI.
Chief Security Officer for EMEA at Okta.
Increasing adoption of cyber hygiene practices
More than half (52%) of British consumers know someone who has had their personal information hacked. There is clearly already concern about cybercrime and a willingness to improve cyber hygiene. For example, 43% of people in Britain report using different passwords for each online account, a practice that significantly improves security by ensuring that a breach of one account does not compromise others. In contrast, only 11% use the same password for everything, indicating a growing recognition of the risks associated with password reuse. The shift toward safer online behavior reflects a broader understanding of the importance of protecting personal information in an increasingly digital world.
While it is encouraging that consumers have a basic understanding of cyber hygiene, the results show that this is simply not enough. Users need help managing their passwords – which we will eventually need to move forward with – and there are still fears about the implications of AI and the potential security threat it poses.
The dual role of AI in cybersecurity
The AI boom has introduced a whole new dimension to Europe and Britain’s concerns around digital identity. On the one hand, AI improves cybersecurity by detecting and mitigating threats faster than traditional methods. However, it also poses new risks by enabling more sophisticated cyber attacks, such as AI-generated phishing schemes. The negative implications of the technology appear to be where most UJ consumers are focusing their attention, with more than half of consumers (54%) in the UK thinking AI has made the online environment less secure; this rises to two-thirds (66%) among consumers. 18-24 year olds. Furthermore, AI increases the risk of digital identity attacks.
The British public is well aware of the risks AI poses. It is therefore crucial that regulations are put in place to limit these risks and ensure that we can realize the potential benefits of the technology in a safe manner.
Workplace accounts – the forgotten threat
The average consumer has 100 accounts to their name, ranging from social media to online shopping and subscription services. There is a huge range, but not all are equal in terms of risk. It will come as no surprise that financial services and online banking are consumers’ biggest concerns because that’s where their money is. In fact, 60% consider this their top concern, but are they missing a trick?
In some recent cyber attacks, such as the NHS hacks and the 2022 MailChimp data breach, workplace accounts were the main vector attackers used to break into an organisation’s system. Despite this, workplace accounts are considered primary targets by only 2% of UK consumers. Organizations must take this attitude into account. If the workforce doesn’t think these digital identities are a target for cybercriminals, companies need to ensure these accounts are more secure because their employees simply aren’t paying enough attention.
Balance between convenience and security
There is clear concern about cybersecurity and a willingness to become more resilient, as evidenced by the 71% of European consumers who are actively making plans to improve their digital identity strategies for greater security. While 45% see protecting their online identity as a personal responsibility, companies must also do more to protect their identity ecosystems – as evidenced by the limited focus on workplace accounts. The approach should be collaborative, as agreed by the 26% of consumers who believe protecting online identity should be a shared responsibility. For this to work effectively, we need individuals to take proactive measures, governments to enforce regulations and companies to implement robust security measures to ensure a safer online environment for everyone.
One major change should be that passwords are a thing of the past. Not only are they less secure, but they also create an extra layer of friction for users: 65% of respondents to Okta’s 2023 Customer Identity Trends Report feel overwhelmed by the number of usernames and passwords they have to manage. Fortunately, there are passwordless options that offer both stronger authentication and greater convenience for consumers. Allowing users to authenticate with biometrics reduces friction during authentication and increases security, as the flow is generally not “phishable.”
As cybersecurity concerns rise in Europe and the United Kingdom, business leaders must quickly adopt rigorous security strategies and foster a security-conscious work culture, especially in the age of AI, where advanced technologies can both strengthen and threaten security measures. This includes implementing multi-factor authentication, passwordless technology, continuous monitoring and regular updates to security protocols, while promoting cybersecurity awareness among employees. By integrating these practices into the overall business strategy, organizations and governments can protect sensitive information, maintain trust, and ensure resilience in an increasingly digital world.
We have offered the best protection against identity theft.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, you can read more here: