Governments still struggling to secure data. Zero-trust, passkeys could help


A digital data breach at the National Social Security Fund (CNPS) of Cameroon has resulted in the leak of citizens’ personal data, financial documents, details of over 1.5 million beneficiaries, and other information related to social security services. Cybercriminal group “The Space Bears” claimed responsibility for the breach.

The group demanded a ransom from CNPS and threatened to sell the data on the dark web if payment was not made by September 22, 2024, Digital Business Africa reports. Although CNPS has not officially acknowledged the breach, reports indicate that the group has already begun selling the data. About 25 GB of data is offered for $3,000, while a smaller 10 GB set is priced at $1,000.

The National Social Security Fund is the country’s public social security organization. It protects employees and their families in the event of occupational risks, retirement, disability, and death. The fund also offers benefits, including family allowances, old age pensions, disability pensions, and work injury compensation.

To mitigate potential risks, public organizations should implement various security measures, such as establishing an incident response plan, conducting comprehensive investigations, and enhancing cybersecurity protocols, Digital Business Africa says.

Zero-trust strategies and passkeys offer path forward

Meanwhile in the U.S., government agencies continue to work towards the zero-trust goal set for them by the executive branch.

The United States government issued an executive order in 2021 and a follow-up executive memorandum in 2022 to mandate that federal agencies adopt a zero-trust architecture by the end of FY 2024 to mitigate cyber threats.

Recognizing the digital threats to critical infrastructure in sectors such as healthcare, finance, defense, and public services, the U.S. federal government aims to ensure data privacy and protection against unauthorized access to sensitive information by implementing zero trust.

The memorandum outlines key components of the zero-trust architecture, including enterprise-managed accounts, device monitoring, security posture assessment for each device, system isolation, and encrypted traffic.

Furthermore, the framework emphasizes secure access to enterprise applications, collaboration between security and data teams, and robust digital identity and access control systems.

As the deadline nears, a report from NextGov indicates that many federal agencies are actively working to implement a zero-trust framework to meet the requirement. Twenty-four different agencies are around 90 percent of the way through their transition, according to Federal CIO Clare Martorana.

States like California have also taken steps, GovTech notes, such as issuing Technology Letter 23-01 in early 2024, which requires all state agencies to implement a zero-trust architecture in alignment with NIST 800-207.

In a recent Biometric Update webinar, the FIDO Alliance, which sets passkey standards, highlighted the use of passkeys to safeguard the public sector.

“What passkeys do is take the burden off of the user to have to identify those sorts of attacks because passkeys simply cannot be given away to a nefarious person,” says Megan Shamas, chief marketing officer of FIDO Alliance.

Don’t forget insider threats

When discussing cyber threats to public institutions, it’s important to note that individuals within the organization can also pose a risk. This can occur through intentional malicious actions or unintentional errors that compromise sensitive data or systems, says Clyde Williamson of Protegrity.

According to a report by the Ponemon Sullivan Institute, the average cost of insider threats is approximately $16.2 million per organization. To mitigate these risks, organizations should implement cybersecurity strategies such as data encryption, tokenization, and segmentation to limit exposure if insiders access sensitive data, as reported by Security Brief Asia.

Additionally, advanced security measures like multi-factor authentication (MFA), network behavior analysis, and endpoint detection and response (EDR) can further protect against insider threats.

“Audit trails and tracking capabilities are two more features that will take your data protection and security to the next level,” says DeeDee Kato, vice president of Corporate Marketing at Foxit.
