Digital Identities in a Remote Workforce

How can CISOs protect against increasing fraud activity, and what are the threats to digital identities as we enter a hybrid working model? 

Working from home brought along a cultural transformation, changing our connections and our collaboration, but it also accelerated the rush to online across every sector. That has had significant repercussions for the future of work and security. Suddenly, our profiles—how and why we shop, work and operate—have digitised, if they hadn’t already, and those identities are hot targets for fraud and scammers. 

These technology leaders discuss the inner workings of a hyper-changeable space to understand the balance between user experience and privacy in a data-driven world.

With Jon Bernstein moderating, the speakers of this roundtable include:

• Kevin Trilli, Chief Product Officer, Onfido
• Freddie Quek, CTO, Times Higher Education
• Les McCollum, Managing Vice President, Chief Information Security Officer, ICMA-RC
• Clare Ward, Digital Strategy and Transformation, @aquila
• Hernando Celada, CIO, ChenMed

Digital-first, fraud-first

“It’s a no-brainer that things have picked up,” said Kevin Trilli. “We’re doing more in a digital way and the volume of services and transactions have increased digitally and remotely. In that scenario there is an opportunity for more fraud to happen,” he added.

Kevin went on to describe the cultural ramifications of the present situation, saying that because some people had lost their jobs—including fraudsters—more time was available to opportunistically attack businesses. Digital identity tools has increased in sophistication of late, too, so security chiefs are fighting a perfect storm of complexity. 

Les McCollum had some thoughts on how he is approaching that storm.

“As a security leader we are trying to solve the rubix [or cybersecurity] and the activities of fraudsters who have become much smarter at what they do,” he began. “Previously stolen identities are being used in the pandemic to verify fraudulent identities, so we have to go back and evaluate what the new normal of the hybrid workforce means for us, what it means for our new technologies and solutions that allow us to validate identities, and maybe even create new electronic ways to validate identities.”

Identity crisis

The role of technology came up throughout the debate as both protagonist and antagonist. The tools that are allowing employees to work from home, access online banking or book a flight abroad, is also being used against them to access critical infrastructure. 

Hernando Caleda voiced his frustration on the endurability of fraud, noting how the business has become so large, stolen data has almost become its own digital currency in the black market. 

“It’s a supply and demand issue: from a healthcare perspective, patient data is so potent, so powerful in its almost currency to these people. But they won’t attack via the normal routes; they’ll go round to the side door, to the employee. There’s the issue: it’s the weakest link.”

That weakest in the chain idea was met with agreement with the rest of the roundtable, highlighting once more the social aspects of security. 

“Aviation is interesting,” began Clare Ward, “because we capture different customer data sets that support user journeys, and from loyalty schemes too, so hackers like it. Awareness has increased about the dangers of remote working but I think there’s a product debate to be had here.

“Most at-home users, including ourselves, who are supposed to be security experts, don’t or won’t protect their home set-up in the same way or in the saw quality as our work would. That’s more of an issue now because of the volume of people working from home. Does the responsibility of securing home set-ups lie with the user or the business? 

“If we want maximum security we need to have that debate,” she concluded.

Times Higher Education’s Freddie Quek offered a viewpoint from a different industry once more.

“In finance, financial services are all about going after the bad guys, and being incredibly regulated—with Know Your Customer and anti-money laundering initiatives, which ironically can make it harder for banks to know customers very well, which inhibits identity verification. 

“And don’t forget, it’s not just that more people work from home, it’s how people work from home; families share devices every day and have multiple devices, so the volume of your attack surface multiples and becomes more complex by the day.”

This roundtable is in partnership with Onfido. 

Recognised as a global leader in AI for identity verification and authentication, Onfido digitally proves a user’s real identity using artificial intelligence (AI), by verifying a photo ID and comparing it to the person’s facial biometrics. This means businesses can see their customers for who they are, without compromising on experience, conversion, privacy or security.