Digital ID : The Cyber Security Imperative

Last updated: 19 December 2022

You don’t have to look very far to find evidence of a rise in cyber crime. It seems we can’t go a month without some news of a large data-breach.

There’s no shortage of statistics either – and none of them make for easy reading. Here are just a few recent ones, announced in time for cyber security month:

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber-attack.
  • There were 22 billion breached records in 2021
  • The latest Anti-Phishing Working Group (APWG) “Phishing Activity Trends Report” for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.

Dematerialization of identity

Set against this backdrop, there has also been a dematerialization of proving ones identity – which could further put consumer data at risk.

What do we mean by the dematerialization of identity? Think of various incidents where you must prove who you are. That could be providing your passport and social security number when starting with a new employer, presenting bank statements and proof of address when applying for a mortgage or loan, or even proving your vaccination status when travelling – just to name a few.

In most of these instances, having to provide these documents online is not just commonplace – it’s the norm.

Convenience causes risky behaviours

Digital means of proving identity are the way forward and provide a number of benefits; customer convenience and ease being one of them. However, if not done in a secure way – it could put the end-user’s data at risk.

We surveyed consumers from across Europe and discovered that many are engaging in risky behaviours when it comes to sharing their identity credentials.

While many see digital IDs as a convenient means of carrying and showing something that needs to be used frequently – only 27% have an official Digital ID. A far higher proportion of consumers rely on screenshots, digital photos or a scan of their physical ID or similar official document.

Even a sizeable majority of those who have official digital IDs admitted that they have these copies or scans on their phones. With malware attacks on consumer devices on the rise, important and incredibly sensitive information is at risk – leaving consumers open to fraud and identity theft.

The move towards EU ID Wallets / eIDAS2

We’ve discussed the move towards EU ID wallets and the countdown to eIDAS2 before, highlighting how it’ll impact the everyday lives of citizens, as well as highlighting what consumers want from a wallet.

One of the biggest drivers behind the EU commission, governments and authorities for eIDAS2 is for all citizens to have means of accessing a wallet that is both convenient and easy to use, as well as secure.

In fact, the security credentials of EU ID wallets came to the forefront again this summer when a MEP called for the wallet to follow security by design principles. The draft regulation put forward stated that “it shall be technologically impossible to receive any information on the use of the Wallet or its attributes”.

In addition, personal data should only be stored and processed in the territory of the European Union, where Union and national law apply; such as GDPR. Other stipulations state that user consent needs to be explicitly given in order to store information from the wallet in the cloud.

The shift to sovereign cloud

To accompany digital ID wallet initiatives and the unrelenting shift towards the digitalization of credentials and personal data, many governments around the world are seriously looking at sovereign cloud.

A sovereign cloud ensures digital and data sovereignty. It is a means to maintain physical and digital control over strategic assets, including data, algorithms, and critical software. It helps ensure that data remains free from external jurisdiction control and provides the right protection from foreign legislatively enforced access.

At Thales, we believe digital ID wallet ecosystems are the future of digital identity. They will enable smooth and trusted proof of ID and entitlement anywhere anytime while enabling data privacy to move to the next level by offering the most convenient user experience and compliance with the most stringent security and cyber privacy requirements.

For further reading, please check out the below:

Leave a Reply

Your email address will not be published. Required fields are marked *