Why digital identity is the ultimate battleground in cybersecurity

security
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)

We’ve been living with widely-available generative AI tools for nearly two years now, so the time is right to ask the question – what effect is it having on the public’s understanding of their own digital identities, and how safe their identities are online? The answer, unfortunately, shows there’s a lot more work to do to improve our security online in the age of AI. In some recent research Okta commissioned, an overwhelming 93% of consumers across Europe are worried about digital identity theft, and over half (54%) of consumers have heightened their awareness of their digital footprint over the past year. This increased vigilance is driven by the surge in cyberattacks and the rise of AI, which both present new challenges and amplify existing vulnerabilities in the online environment.

Given that it is the entrance to any experience in a digital-first world, focusing on digital identity must be a priority. It serves as the foundational layer of security and access control. With 80% of cybersecurity attacks stemming from credential abuse, identity-based attacks have become a top method for bad actors, exploiting weaknesses in authentication processes. In response, business leaders must rapidly adopt rigorous security strategies and foster a security-conscious work culture, especially in the era of AI.

Stephen McDermid

Chief Security Officer for EMEA at Okta.

Growing adoption of cyber hygiene practices

Over half (52%) of UK consumers know someone who has had their personal details hacked. Clearly, there is already a concern about cybercrime and a willingness to improve cyber hygiene. For instance, 43% of people in the UK report using different passwords for every online account, a practice that significantly enhances security by ensuring that a breach of one account does not compromise others. In contrast, only 11% use the same password for everything, indicating a growing recognition of the risks associated with password reuse. The shift towards more secure online behaviors reflects a broader understanding of the importance of protecting personal information in an increasingly digital world.

While it’s heartening that consumers have a basic understanding of cyber hygiene, the results show that this simply isn’t enough. Users need help managing their passwords – which we should ultimately be moving beyond anyway - and fear still remains around the implications of AI and the potential security threat that it poses.

AI’s dual role in cybersecurity

The boom in AI has introduced a whole new dimension to Europe and the UK concerns around digital identity. On the one hand, AI enhances cybersecurity by detecting and mitigating threats faster than traditional methods. However, it also presents new risks by enabling more sophisticated cyberattacks, such as AI-generated phishing schemes. The negative implications of the technology appear to be where most UJ consumers are focusing their attention with over half of consumers (54%) across the UK thinking that AI has made the online environment less safe, this rises to two thirds (66%) amongst 18-24 year olds. Furthermore, AI increases the likelihood of digital identity attacks.

The UK public is well-aware of the risks that AI poses, it’s vital that regulation is therefore put in place to mitigate these risks and ensure that we can realize the potential benefits of the technology in a safe and secure way.

Workplace accounts – the forgotten threat

The average consumer has 100 accounts to their name, ranging from social media to online shopping to subscription services. There’s a huge range, but they’re not all equal in terms of risk. Unsurprisingly, financial service and online banking accounts are top of consumers’ worries because it’s where their money is. In fact, 60% identify it as their primary concern, but are they missing a trick?

In some recent cyberattacks such as the NHS hacks and MailChimp data breach in 2022, workplace accounts were the main vector that attackers used for cracking into an organization's system. Despite this, workplace accounts are considered primary targets by only 2% of UK consumers. Organizations must take note of these attitudes. If the workforce doesn’t think that these digital identities are a target for cybercriminals, then businesses must make sure that those accounts are more secure as their workers simply aren’t paying enough attention.

Balancing convenience and security

Clearly there is a concern around cybersecurity and a willingness to become more resilient as shown by the 71% of European consumers that are actively planning to improve their digital identity strategies for enhanced security. Whilst 45% consider protecting their online identity as a personal responsibility, businesses must also do more to protect their identity ecosystems – as shown by the limited consideration for workplace accounts. The approach must be collaborative as agreed with by the 26% of consumers that believe protecting online identity should be a shared responsibility. For this to work effectively we need individuals to take proactive measures, governments to enforce regulations, and businesses to implement robust security measures to ensure a safer online environment for everyone.

One key change should be to make passwords a thing of the past. Not only are they less secure but they also create an added layer of friction for users with 65% of respondents to Okta’s Customer Identity Trends Report 2023 feeling overwhelmed with the number of usernames and passwords they have to manage . Fortunately, there are passwordless options that offer both stronger authentication and more convenience for consumers. For example, enabling users to authenticate with biometrics reduces friction during authentication and increases security since the flow is generally not “phishable”.

With growing cybersecurity concerns in Europe and across the UK, business leaders must rapidly adopt rigorous security strategies and foster a security-conscious work culture, especially in the era of AI, where advanced technologies can both enhance and threaten security measures. This involves implementing multi-factor authentication, passwordless technology, continuous monitoring and regular updates to security protocols while promoting cybersecurity awareness among employees. By integrating these practices into overall business strategy, organizations and governments can protect sensitive information, maintain trust and ensure resilience in an increasingly digital world.

We've featured the best identity theft protection.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Chief Security Officer for EMEA at Okta.

Read more
Hands typing on a keyboard surrounded by security icons
The psychology of scams: how cybercriminals are exploiting the human brain
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
An abstract image of a lock against a digital background, denoting cybersecurity.
Building a resilient workforce security strategy
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
An image of network security icons for a network encircling a digital blue earth.
Why effective cybersecurity is a team effort
An abstract image of digital security.
Identifying the evolving security threats to AI models
Latest in Pro
Group of people meeting
Inflexible work policies are pushing tech workers to quit
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
An image of network security icons for a network encircling a digital blue earth.
Why multi-CDNs are going to shake up 2025
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Latest in News
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is about to make a major announcement about the MCU, and nobody's sure what it'll be
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch
Image of Naoe in AC Shadows
Assassin's Creed Shadows best graphics settings for PS5, PS5 Pro, and Xbox Series X
Promotional image for Malcolm in the Middle featuring the original cast playing golf
Malcolm in the Middle's Disney+ revival gets underway as the series finds its cast – here's which characters are returning
Group of people meeting
Inflexible work policies are pushing tech workers to quit
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards