It may not always be obvious, but when we buy, sell or share things online, we’re placing inordinate amounts of trust in individuals and organizations.
Unfortunately, not all of these parties are properly equipped to keep our data secure. Others simply don’t have our best interest in mind.
For retired General Fred A. Henry, this is the greatest paradox of our current era.
To participate in the digital economy, we’re required to place trust in people and organizations without ever knowing who they really are.
“You just never know online,” he says, “because people masquerade around with different identities.”
According to General Henry, a 20-year veteran of the IT field, the ever-growing abundance of online data is diminishing the efficacy of our current authorization systems.
Pulling his smartphone out of his pocket and holding it up next to his head, he says, “This thing can empower me with all of the knowledge I can obtain, but it’s creating a lot of data that are exceeding the capacity of some authorization systems.”
He goes on to cite that, by 2020, more than 4 billion people across the world will have access to the internet. Collectively, that population is expected to generate roughly 50 trillion gigabytes of data.
“You have to remember that when you’re online because you leave crumb everywhere,” Henry says, “People are essentially looking to analyze that data.”
Of course, as he explains, much user-generated data is used for positive purposes.
“That data helps to solve societal problems and create competitive advantage in business,” he says, adding, “but there are also people looking to hack your data, to steal your identity. Unfortunately, we make it easy for them sometimes.”
This is bad news for both individuals, who can have their personal information stolen, but also for the companies that these individuals work for. A hacked individual can potentially give cybercriminals access to sensitive corporate data. “In the military, our biggest concern is having data compromised,” he says, “and the weakest link is always the individual.”
Working Toward a Standard of Authentication
Henry believes that two-factor authorization, in which the user enters their name and password, is not a sufficient enough method to keep our data safe. “There has to be improvement and adoption of more multi-factor authentication systems,” he says.
Instead of requiring the user to simply enter a password in order to gain access to an interface, he advocates for a three-factor authorization method. This would require the user to input a biometric component in addition to their pin number.
Thumbprints or retina scans, for example, would add an extra layer of security. “But some folks don’t like people zooming in on our eyes,” he says, “so adoption of three-factor authorization still has a way to go.”
Whether we will see the standardization of three-factor authorization in the future is yet to be determined. However, the need for increased cybersecurity is apparent. As Henry points out, an estimated $16 trillion dollars will be lost annually to cybercrime by the year 2021.
“How do you improve the authentication capabilities?” he asks young STEM professionals.
He supplements his question with a warning: “Your identity is at stake!”