Data Protection Frenzy: Like Seagulls to Hot Chips
In the wake of the damaging cyber-attacks on some of Australia’s best-known companies, their brand value has taken a significant hit. Take Optus for example. Optus’s brand value fell 19% dropping their ranking in the top 100 most valuable brands* from 11th in 2022 to 17th in 2023. In dollar terms that equates to a fall in value of circa $700m adding to the already eye-watering cost of the breach. It would be fair to assume that most companies listed in the top 100 brands would be loath to see similar values wiped from their brand. In both the consumer and business world trust is paramount in building brand. What can take decades to build, can take moments to destroy.
Following the breaches, data security firms from start-ups to the largest publicly listed cyber businesses have been like seagulls to hot chips – a literal feeding frenzy. Problem is most are late to the party; once the oil has spilled into the ocean, it’s nigh on impossible to put it back into the tank. So, the best solution is not to let the problem happen in the first place. Right? Easier said than done.
The reactive solutions being touted included strengthening passwords (there’s a novel approach), use 2-factor/multi-factor authentication (OK, but far from fail safe), update software on all devices (sure), be mindful of scams (getting harder to establish), and monitor credit files and accounts for unusual activity (what percentage of the population are doing that?).
Being perfectly candid, we’re in a sophisticated game of cops and robbers where the robbers are constantly inventing new ways to break into ‘data safes’ and the cops (aka security experts) are trying to stay one step ahead. It’s a game where the slightest misstep can have dire consequences. The focus needs to be on keeping ahead of the game. One of the key proactive approaches is the adoption of facial liveness detection that focuses on verifying that a system user is a real person and not an impersonator or fraudster.
Facial liveness detection involves analysing the user’s facial features and movements to determine if they are a living person. This can be done through a variety of methods, such as asking the user to blink, smile or nod their head, and using sophisticated computer algorithms to analyse facial expressions and movements. Facial liveness detection can be a powerful tool for preventing fraud as it can help to ensure that the person attempting to access a system or service is the legitimate user and not someone using stolen credentials or a fake identity. Facial liveness detection is much harder to bypass as it requires the user to physically demonstrate that they are a real person.
For organisation’s intent on protecting their brand and reputation, adopting an identity system that incorporates facial liveness is one of the most proactive steps that can be taken to combat the increasing threats. By way of example, can you imagine inside your organisation an identity system that no longer requires employees to enter their usernames and passwords? No more pet names to protect your most valuable asset!
Undoubtedly, the most secure path is the adoption of a highly sophisticated digital identity service that those businesses recently targeted by hackers, could now use to verify people’s identities to minimise (if not eradicate) the need to collect and store digital identity data and images of identity documents. Facial liveness built into the overall identity and security strategy will be a powerful tool in combatting the inevitable continuing threats. Liveness does not stand alone as the solution. Rather, when carefully and strategically embedded into the overall identification process, it will provide the extra layer of security that has been sorely missing. No doubt, many Australian businesses will be looking for specialists to help them implement these much needed security solutions.
*Source: Brand Finance annual report on the most valuable and strongest Australian brands, January 2023
Disclaimer (see below)
No content or any part thereof (Content) may be modified, reverse engineered, reproduced or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of BRYK Group or its affiliates (collectively, BRYK). The Content shall not be used for any unlawful or unauthorised purposes. BRYK and any third-party providers, as well as their directors, officers, shareholders, employees or agents (collectively BRYK Parties) do not guarantee the accuracy, completeness, timeliness or availability of the Content. BRYK Parties are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or maintenance of any data input by the user. The Content is provided on an “as is” basis. BRYK PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS, SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE OR HARDWARE CONFIGURATION. In no event shall BRYK Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in connection with any use of the Content even if advised of the possibility of such damages. BRYK assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on and is not a substitute for the skill, judgment and experience of the user, its management, employees, advisors and/or clients when making business decisions. While BRYK has obtained information from sources it believes to be reliable, BRYK does not perform an audit and undertakes no duty of due diligence or independent verification of any information it receives.