2023: Perspectives from the ForgeRock C-Suite
Predictions on insider threats, passwordless authentication, artificial intelligence, and more
Few industries move as quickly as cybersecurity, broadly, and the identity and access management (IAM) segment, specifically. There is a constant barrage of novel threats that can lead to costly breaches — and innovative, new ways to combat them. Seismic changes in the workplace push IAM leaders to create solutions that protect employees and data no matter where they are. And an evolution in the way people consume apps and services — conducting more and more of their personal business online — means we must help our enterprise customers meet new expectations for security, personalization, and seamless digital experiences.
The changing nature of the industry is why it's become something of a tradition to look at emerging trends and predict where they may take us in the coming year.
Recently, ForgeRock executives shared their views on trends related to digital identity and the challenges organizations will face in 2023. Their perspectives are based on their own expertise along with what they're hearing from extensive discussions with customers and what they're observing across the industry at large.
Sweeping corporate layoffs will cause insider threats to rise
As we head into 2023, the security risk associated with third parties is not going away. With the threat of an economic downturn, many companies are conducting hiring freezes and, unfortunately, massive layoffs, causing insider threats to rise to crisis levels. To fill in workforce gaps, many companies will turn to consultants to get them through this tumultuous period of economic uncertainty.
However, consultants and contractors can bring the unintended risk of breaches to an organization's doorstep. They often get access to sensitive information and are allowed on company networks, but their security practices and training may differ from full-time employees. If a consultant's device is compromised, it's too easy for malware to make its way into an organization's network and spread to other devices, putting the whole organization at risk.
One solution is a more robust governance solution to give enterprises better visibility into who has access to what information, on what device, and from any location. For large enterprises, the only way to truly manage this governance is with the aid of artificial intelligence (AI) and machine learning.
Artificial intelligence adoption in identity will accelerate
The integration of AI has been growing in cybersecurity and we can expect to see further adoption in the identity and access management space in 2023. The massive transformation to digital engagement, paired with the remote nature of our working lives, has opened the door for new and more relentless types of attacks, like account takeovers, inappropriate access, and fraud. Alongside the widening skills gap facing the cybersecurity industry, and the increasing sophistication of threat actors, enterprises need to transform their solutions to stay ahead.
Enterprises should use all the tools at their disposal to stay ahead of cyberattackers and secure their systems, while ensuring a seamless experience for end-users. AI-powered cybersecurity defenses are among the strongest tools organizations have in their arsenal against cybercrime and will be front and center in the next big tech wave for preventing cyberattacks.
Retailers will blaze the trail in implementing passwordless authentication for consumers
Passwordless has been in our crystal ball for a very long time – but never has it been closer than now. Retailers, in particular, are facing increased security, fraud, and account takeover threats as they adopt new digital channels and technologies. We see them leading the way in implementing broad consumer adoption of passwordless authentication.
Digital wallets and biometrics have become critically important for unlocking consumer devices and enabling easy next steps such as purchase approval. In self-checkout scenarios, retailers face unique challenges since physical fraud can also be a major concern. Many retailers are feeling the pressure to go fully self-service in a legally compliant way even in the case of selling age-restricted goods such as liquor. Typically, such purchases require intervention by staff to check someone's physical ID, which slows checkout.
In these scenarios, digital wallets are getting a second look as a source of not just payment, but also verified user information presented in a format that the user can't tamper with. As more retailers adopt passwordless and make it more mainstream, we're going to see more and more consumers pulling it into their everyday lives. This is the nail in the coffin for passwords long-term, and in 2023 retailers will make more deliberate efforts toward the integration of the passwordless society we've been working toward for so long.
Workplace volatility will shift cybersecurity practices in 2023
Gartner predicts that by 2025 "labor volatility" will "cause 40% of organizations to report a material business loss, forcing a shift in talent strategy from acquisition to resilience." I believe we're going to see this truly begin in 2023, and it's going to put an even greater emphasis on the identity perimeter as related to the workplace.
As more cybercriminals target employees to gain unauthorized access to the greater organization, businesses will take measures to reduce vulnerabilities that attackers are slipping through. Overprovisioning, rubber-stamping access requests, and out-of-control shadow IT are putting a strain on enterprises and their ability to manage the volume and velocity of IT requests. Prepare to see more passwordless technology gaining traction in the workplace, plus greater security measures related to things like physical access to buildings, registering for hotdesk using software, digital access to services, and collaboration tools.