January 01, 2025
The year 2024 presented significant challenges in cybersecurity, with the rise of new threats like AI-powered phishing and more advanced cyber-attacks. Yubico's September Global State of Authentication Survey highlighted these growing concerns, emphasising the increased risks associated with these evolving threats. The report underscored the critical need for the widespread implementation of security measures such as multi-factor authentication (MFA) and phishing-resistant passkeys to mitigate these dangers.
While the survey results were eye-opening, they also presented businesses with an opportunity to assess the effectiveness of their current cybersecurity practices and consider what changes should be implemented in 2025. Whether prompted by rising threats or shifting global regulations, it’s clear that the coming year will bring significant cybersecurity changes across organisations.
To gain insight into where the industry is headed in 2025, Trust Panda have summarised some recently shared top trends and predictions from Yubico experts below.
The future of digital identity wallets and security technologies is rapidly evolving as threats to online identity and cybersecurity increase. Stina Ehrensvard, the founder of Yubico, emphasises that the internet, once a tool for sharing information, has become a major threat to democracy and security due to bad actors exploiting stolen or fake identities. She advocates for digital identity wallets as a solution, allowing users to control when and with whom their personal data is shared. These wallets, which store data such as driver’s licenses, insurance cards, and educational credentials, can be secured using FIDO-based authentication. Ehrensvard predicts that by 2025, many countries will adopt these digital wallets, bolstered by the growing use of open standards for digital identities.
Derek Hanson, VP of Standards and Alliances at Yubico, discusses the rise of passkeys as a secure alternative to passwords. He acknowledges that while passkeys are becoming more widely accepted, organisations need to ensure effective strategies are in place to maximize their potential. Hanson also highlights the limitations of SMS-based multi-factor authentication (MFA), which is prone to security risks, and suggests that the broader adoption of passkey authentication could drive more secure user experiences.
Chad Thunberg, CISO at Yubico, warns that AI-driven phishing attacks will become increasingly sophisticated. With the use of generative AI, attackers can automate and personalise phishing campaigns, making them more effective. Thunberg advises that traditional MFA solutions are already vulnerable, and as AI advances, phishing-resistant security methods such as hardware-based authentication are essential to mitigate these threats. He also anticipates the broader adoption of content authenticity standards to counteract the rise in AI-generated attacks.
Cyber threats in the financial services industry are becoming increasingly severe, with the sector recently surpassing healthcare as the most breached industry. Financial institutions are highly susceptible to cyber-attacks, especially phishing, with individuals in the finance sector being among the most likely to open phishing emails. The rise of generative AI will only accelerate these threats, exposing banks, credit unions, and other financial organizations to risks like consumer trust loss, financial damage, and potential regulatory penalties, as well as operational disruptions.
A growing response to these challenges is the adoption of passkeys by banks. For example, PKO Bank Polski has led the way by implementing YubiKeys to secure customer access to e-banking services, making the authentication process more phishing-resistant. This trend is expected to continue in 2025 as more financial institutions recognize the benefits of passkey adoption.
Government and regulatory bodies are pushing for stronger security measures, particularly the implementation of Multi-Factor Authentication (MFA) and secure digital identity practices. The latest revisions to PCI DSS 4.0 stress the importance of tying digital identities to individuals and implementing phishing-resistant MFA based on standards like FIDO2/WebAuthn. Additionally, the use of Verifiable Credentials (VCs) is gaining traction, especially in Europe, with expectations for adoption in North America and Asia-Pacific. VCs, supported by phishing-resistant MFA, are expected to provide a more secure and interoperable means of verifying digital identities.
PCI DSS also emphasises reducing the reliance on human knowledge for authentication, encouraging user-friendly, identity-tied, and phishing-resistant solutions. This shift towards passwordless solutions will be vital as financial institutions continue to focus on improving security and user experience. The trend toward stronger authentication strategies will drive further progress towards a passwordless future.
In addition to these industry-specific initiatives, governments worldwide are also focusing on cybersecurity regulation. In 2024, the U.S. federal government mandated the adoption of Zero Trust principles for all civilian agencies. Similarly, Europe introduced the NIS2 Directive to enhance cybersecurity across EU businesses, and Australia updated its Essential Eight framework to address the risks of weak MFA in sectors like banking. In 2025, governments will continue pushing for stronger cybersecurity measures, including the widespread adoption of Zero Trust and phishing-resistant MFA solutions.
Critical infrastructure sectors, such as utilities, also face significant cybersecurity challenges. With stolen credentials being the cause of 80% of cyberattacks, adopting Zero Trust methodologies and phishing-resistant MFA is crucial. Industries like energy, which have already adopted Smart Cards as a form of MFA, are ahead in this regard. Other sectors must also push for stronger authentication solutions, particularly in operational technology (OT) networks, and invest in technologies that isolate legacy systems behind strong access controls. Modern MFA, such as FIDO2/WebAuthn passkeys and Smart Cards, provides robust protection against phishing, securing both IT and OT environments.
Overall, the financial services sector and other industries must prioritise adopting phishing-resistant MFA solutions and Zero Trust architectures to protect against increasingly sophisticated cyber threats. By doing so, they can ensure stronger security for both their operations and their customers.