Every Year Again: The Merry Christmas Ransomware
Zurich, March 2024 – According to a recent BSI study, identity theft and ransomware are the biggest IT threats in Germany. The urgent need for companies, public authorities and other organisations to catch up in terms of cybersecurity was shown recently by a much-discussed data disaster when the Russian secret service released confidential discussions by the German armed forces into the public domain. With this in mind, the specialists for secure, passwordless authentication solutions at Nevis Security AG have the following advice: If you really want to reliably protect sensitive information against unauthorised access, you need an approach that can adapt to new types of attacks and scenarios. Read on to learn why there is no getting away from customer identity and access management in 2024 and beyond.
Increasingly sophisticated methods of attack require customised CIAM protection
As hackers become more and more professional, they are also increasingly offering their fraudulent services on the market as “Crime-as-a-Service” (CaaS). This enables criminals who do not possess any specialist IT knowledge to carry out fraudulent activities, which significantly increases the efficiency and extent of cybercrime. This is also revealed in the Europol report “Cyber-attacks: the apex of crime-as-a-service”. According to the report, phishing emails that contain malware or the exploitation of vulnerabilities or the Remote Desktop Protocol (RDP) are particularly popular methods of penetrating other people’s systems. A stolen password can be used to start more far-reaching kill chains. To stop these types of chains in their tracks, CIAM is increasingly taking centre stage when it comes to protecting sensitive data.
Prioritise data protection and strengthen compliance
Organisations have to comply with numerous regulatory requirements and data protection laws that govern how customer data is handled. CIAM keeps companies on the right side of compliance requirements by helping them implement privacy policies, manage consent options and provide audit trail capabilities to track the use of customer data.Strong authentication methods such as two-factor authentication can make access to accounts more difficult and thus thwart cyberattacks. This also supports compliance with data protection and security standards.
CIAM is a central pillar of future-orientated security strategies
To manage user and customer data as well as access rights, you need diverse and robust security measures to protect sensitive information from loss and cyberattacks. Customer identity and access management, or CIAM, includes functions such as multi-factor authentication (MFA), single sign-on (SSO), data encryption and access controls to keep personal data secure while also guaranteeing compliance with data protection regulations such as the GDPR. CIAM provides the essential foundation on which you can build robust security measures against unauthorised data access or loss, cyberattacks and more.
AI to the rescue: AI in CIAM opens up opportunities
According to a study by McKinsey, a third of all companies surveyed worldwide are already using artificial intelligence – and the trend is rising. AI is therefore playing an increasingly important role in reliable security strategies that are designed to ensure comprehensive security. At the same time, attackers are also increasingly turning to AI. In the future, AI will also play an increasingly important role in the area of identity management. It is already an integral component of today’s solutions, especially for fraud detection and preventing account takeovers (ATO). Context information such as geolocation and device fingerprints are used to calculate a risk score with the help of AI algorithms. The appropriate use of AI in CIAM systems can enhance security, optimise processes and create competitive advantages. However, clear communication on how AI systems work is the key to strengthening the trust of customers and users.
Using self sovereign identity to retain control over identity data
For most people today, protection of their personal data is very important – especially when it comes to their emails. According to a Nevis study, around 58 per cent of private users see email as particularly worthy of protection. Self sovereign identity (SSI) allows users to retain control over their own identity data – typically by storing it in digital wallets and sharing it on a selective basis. Companies can use SSI principles in the CIAM environment to give their customers control over their profile information and authorisation rights. SSI uses cryptographic technologies to ensure data protection and data security.
Stephan Schweizer, CEO of Nevis Security AG, comments: “In an increasingly competitive business environment, trust is central to the relationship between customers and organisations. If companies and public authorities rely on a powerful CIAM system, they can strengthen this trust, put a stop to cybercrime and fully protect sensitive data.”
###
About Nevis Security AG
Nevis Security AG is a pioneer in digital security and a strong advocate for the use of passwordless, user-friendly access solutions worldwide. As the market leader in Switzerland in the area of customer identity and access management (CIAM), Nevis provides organisations in the financial, insurance and iGaming sectors with the highest level of data protection and seamless authentication procedures. Nevis technology secures over 80 per cent of online banking transactions in Switzerland – demonstrating the company’s expertise and commitment to innovation. Headquartered in Zurich/Switzerland with offices across Europe, Nevis is constantly expanding its global presence through a rapidly expanding partner network, emphasising its role as a key player in the digital ecosystem. Nevis aims to strengthen its position as a leading authority in digital identity security worldwide and to provide scalable, forward-looking solutions that meet the growing needs of its customers. For more information, visit www.nevis.net.
Press contact
EPOS Marketing
Stephanie Sommer
nevis@epos-marketing.com
