France Identité and the New York mobile driver's licence project are two examples of digital identity projects that need to be monitored more closely.
Those companies that rely on reliable, secure and constantly evolving identity verification platforms will be better equipped to avoid risks and safeguard their customers’ sensitive information. The attacks suffered by Okta between September and October 2023 underline the importance of adopting robust security measures.
s organisations adopt decentralised architectures and rely increasingly on digital identities, the importance of adopting robust threat detection and response systems is growing.
Over the past 2023, identity-based attacks have impacted all types of businesses. According to a survey by Dimensional Research, 90% have experienced this type of phenomenon, with 70% falling victim to one of the most common attacks: phishing.
Inefficient identity management has financial consequences for 99% of companies. Some 42% report losses in excess of $100,000 per year due to these inefficiencies, according to the survey. The study reveals that legacy identity management technologies and the adoption of multiple solutions, and the lack of interoperability between them, directly affect business security and efficiency, according to 96% of respondents.
Most companies admit to experiencing problems with their identification and access systems, although they do not always rely on the most appropriate providers to prevent them. These problems could be summarised in a number of key areas:
- Too many different identification and access systems in the same organisation.
- A poorly structured permission structure, which complicates management.
- Investment in digital identification resources that are not being used effectively.
- Feeling of not using the best possible technologies. Need for improvement and lack of strategies to achieve it.
Request personalised advice from our identity and fraud experts and avoid financial losses.
Security breach in Okta’s support system: the importance of catching fraud before it happens
The consequences of a lack of updates, fragmented systems and flaws in security strategies increase the risks, as in the case of Okta, a San Francisco-based digital identity and access solutions company, which experienced a security breach in its support system between September and October 2023, leading to the exposure of a large amount of sensitive customer data.
David Bradbury, Okta’s chief security officer, revealed that, from an unknown source, unauthorised access to the systems had been detected by leveraging stolen credentials. This intrusion allowed the attackers to view files uploaded by certain Okta customers in recent support cases.
In the course of normal operations, the Okta team asks customers to provide HTTP Activity Log (HTTP Archive or simply HAR) files. These files are essential for diagnosing problems, as they replicate the user’s browser activity. However, HAR files can also contain sensitive data, such as cookies and session tokens. Attackers can use this data to impersonate legitimate users.
In response to the security breach, Okta took a number of measures, such as revoking session tokens to prevent further unauthorised access. In addition, it shared a list of suspicious IP addresses with its customers, allowing them to search the system logs for any suspicious sessions, users or addresses, in an attempt to strengthen security.
VideoID at the heart of a robust plan to verify users
Businesses and users need to be aware of the sensitivity of the data they share, even in seemingly harmless technical support situations. Cybercriminals adopt a variety of ways and techniques to circumvent the most sophisticated digital identification and access technologies
From the TrustCloud platform, all solutions involved in a digital transaction are synchronised in an attack-proof environment.
Aware of the potential weaknesses in video identification processes that could lead to incorrect verification or impersonation, our specialists are constantly working to strengthen their technological solutions.
VideoID, TrustCloud’s video identification solution, is based on a series of robust measures that proactively strengthen the security of the system. In both agent-assisted and unassisted modes, where users complete the process on their own, guided by the platform, these security measures progressively add new layers of protection to increase the reliability of the platform. Request a demo now.
TrustCloud VideoID incorporates artificial intelligence analysis of the security elements of a valid ID document, human review of the documentation provided, biometric verifications, real-time proof-of-life, one-time passwords (OTPs), multi-factor authentication, etc.
Okta addressed the consequences of the breach by collaborating with affected customers and taking measures to protect the integrity of its core service. However, the attack not only affected Okta itself, but also had ramifications for other companies with integrated solutions, such as BeyondTrust. Its security teams criticised Okta for its lack of immediacy in responding to the crisis. This incident also underscores the continued need to improve security protocols and cyber threat awareness.
New threats that require continuous retraining to improve electronic IDs
One of the threats that has grown the most in recent years, thanks to the development of Artificial Intelligence, is deepfakes: an impersonation method that will increase 30-fold by 2023.
TrustCloud VideoID also addresses these threats by incorporating advanced deepfake detection mechanisms and Generative Adversarial Networks (GANs).
TrustCloud, in its unwavering commitment to the security of its customers, is continuously striving to improve its security protocols. Thanks to a team of experts with in-depth knowledge of the latest image and video manipulation technologies, the platform has specific measures in place, such as continuous audio and video recording throughout the verification process, an expertly managed back-office service, and the integration of various artificial intelligence and document fraud detection solutions. These additional measures reflect TrustCloud VideoID’s commitment not only to accurate authentication, but also to protecting against emerging threats in the field of digital identification.
Contact our specialists and get a free demo of TrustCloud VideoID today