Ensuring a smooth transition to next generation of the web
The excitement surrounding Web 3.0 largely rests on this ownership and control factor. The blockchain technology that underpins Web 3.0 will imbue consumers and brands with direct ownership of their data, enabled through non-fungible tokens (NFTs).
However, as organisations prepare for Web 3.0, it’s becoming clear that most are ill-equipped for this next phase of the internet. With progress comes new threats and we are likely to see a new cyber frontier that the vast majority of companies are unprepared for.
There are two factors informing this unpreparedness.
First, we’ve become accustomed to living in a digitised world. There are few processes today that don’t have an online component. We can pay bills, renew the insurance, sign a mortgage, transfer money, keep in touch with friends and sign a permission slip – all online. In-person, face-to-face interactions are quickly becoming a rarity and being overtaken by fully digital interactions and transactions. In some ways, this is a welcome change as processes that took up an entire Sunday morning now take minutes.
In this increasingly digitised world we risk losing a sense of realness and legitimacy. It may have started with Instagram filters that animated our faces, or filters that modified our appearances. But has now evolved to bots buying concert tickets and boosting the popularity of influencers. We’re also now seeing a rise of deepfakes and fake news, making many of us question what is true or false in a way we never used to. Unfortunately, it hasn’t taken long for criminal organisations and rogue nation-states to cotton on to this trend and take advantage.
This issue of real-ness now plagues both businesses and individuals and it has become apparent that companies aren’t prepared to verify or protect against this new threat. And not only do businesses need to protect their employees and existing customers, but they also need to protect the future customers they are looking to acquire.
This brings us to the second factor. Organisations are also unprepared for Web 3.0 because the current security solutions, processes, and customer experiences available weren’t designed to meet the use cases of today. What we are trying to protect has changed and so has the way in which we must protect it.
Web 3.0 means this has to change.
With Web 3.0, we are boldly embracing and accepting a digitised world, one which we hope will be quick, easy and hopefully fun. But we cannot forget the security threats that lurk in the background. For example, is the document we’re signing legitimate, or is the person who joined the video call actually who they said they were?
The majority of us tend to be a little too trusting. We don’t always fully check the things we sign, buy or accept. Traditionally, security has been focused on securing end-to-end processes typically with employees but this has to change. Security instead needs to be focused on securing and authenticating the actual interactions that occur digitally between, and among, people and companies. The transition to Web 3.0 will expose new vulnerabilities for organisations, namely within their interaction models. This will make authenticating and identifying all involved parties and maintaining a “chain of custody” a vital step.
Although solutions such as MFA, biometrics and token-based authentication have emerged, they don’t cover the entire customer transaction lifecycle. We can no longer just secure endpoints anymore, we must secure digital processes and customer interactions. This will require continuous authentication and identity verification no matter where that interaction takes place.
Despite the industry’s best efforts, those with bad intentions continue to remain one step ahead. To match their pace in Web 3.0, authentication and identity verification methods need to be continuous, but it needs to be more than MFA.
Web 3.0 means that we will live and transact even more through online channels. In order to keep business and consumers safe, authentication and verification techniques will need to evolve to become more sophisticated and stringent. This means confirming your identity before you join a Zoom meeting. This means organisations developing accurate – and reliable – audit trail capabilities for all interactions, plus capabilities that prevent one person from signing or giving consent for their co-worker. These processes may seem excessive, but it’s what must happen to make these experiences safe.
Importantly though, we cannot sacrifice the experience to do this. Verifying who we are doesn’t have to be disruptive, it can be quick and seamless. If the technology is built right and security is woven throughout.
For Web 3.0 to be a success, it has to be built with security in mind. We’ve learnt numerous lessons from the development of Web 1.0 and 2.0. We know how hackers and fraudsters manipulate these systems to take advantage of businesses and consumers. It’s now our turn to be one step ahead.