Skip to main content

How can organizations distinguish between an attacker and a legitimate user?

 

Cinco Días / Opinion / April 25th 2019

The use of technologies such as cloud and mobile devices within organizations has brought a multitude of benefits to businesses, but the area of attack of organizations has increased considerably. Attackers are continually looking for weak points, cracks through which to sneak into an organization  and the consequences are well-known: stolen money, sensitive information leaked, deterioration to the image of the organization and loss of confidence by customers.

Of course, one tactic employed by attackers is the impersonation of identity. If there is no way to verify that a person or electronic device are who they claim to be, how can organizations distinguish between an attacker and a legitimate user? This inability is an Achilles heel.

Therefore, digital identity is essential to ensure security and strengthen trust in any organization, whether it belongs to the public or private sector. The digital world involves a continuous interaction between people, electronic devices and data. How then to make these interactions safe and controlled, and that the data does not fall into unwanted hands? Digital identity can contribute to this.

The digital identity is based on a unique set of data that are associated with a user or an electronic device. To better understand this concept, it is often compared with the passport: through this type of document you can verify that we are who we say we are by means of certain attributes (photograph, numbers, personal data that can be contrasted). In digital identity the same thing happens, only that these attributes are digital.

That is, if someone pretends to be someone who they are not in order to sneak into an organization, it is possible to halt their progress and prove that their credentials are not authentic. In a scenario in which passwords and double-factor authentication have ended up being revealed as fallible and insufficient in the face of fraud and unwanted access, digital identities can be the best alternative to maintain the level of security and thus strengthen trust, both in private companies and in public administrations.

Will there come a day when countries and organizations will fully adopt a system for the issuance and management of digital identities? We hope so, since having to resort to a digital identity, only authorized users and devices will be able to access a certain network or an application, so that security will be strengthened and the internet safer.

Javier Natividad, Comercial Director of vintegrisTECH

Leave a Reply