The Nuggets Blog | Nuggets

Is Bank Grade Security a Myth?

Written by Dom Gilmore | 11/07/24 10:00

How much more data needs to be breached?

TechCrunch has reported that 1 billion records have been stolen so far in 2024—and that figure is rising. A month ago, there was the Santander hacking incident; two weeks ago, there was a data breach at Evolve Bank; and last week, there was a ransomware attack at Patelco.

We’ve seen the same thing repeatedly across the telco, travel, healthcare, education, and compliance industries. This week, there will be another attack on our personal data. We don’t have a crystal ball, but sadly, we don’t need one. The inevitability of breaches and ransomware attacks has become so commonplace that they are now a weekly, if not daily, occurrence.

Names, addresses, DOB, emails, account information, deposit balances, social security numbers - you name it, it’s been breached. The more sensitive the data, the bigger the target.

Organisations are spending more on cybersecurity and compliance than ever, trying to keep pace with our online consumption and the growing threats from fraud to data security. Delivering ‘Trust’ has become an objective for most companies, so why is it so elusive? Why are there so many breaches, ransomware attacks, and social engineering?

The elephant in the room 

One thing we can all agree on is that the existing model of protecting personal data can no longer keep up with the attacks aimed against it. There’s a simple reason, but it’s also a huge elephant in the room that most don’t want to discuss.

Millions of dollars have been invested in building or enabling the current systems. The teams managing them understand them, and data security whack-a-mole has almost become acceptable…

Until now.

That elephant is, of course, the centralisation of personal data.

We know that…

1. Data breaches don’t discriminate. No matter how much you’ve spent on cybersecurity, if you’re storing PII data centrally, you’re open to attack.
2. The centralised way of storing data with third parties (e.g. KYC providers, intermediaries, etc.) might shift the liability, but it doesn’t protect the data.
3. Traditional point solutions and fraud solutions are no longer cutting it; it’s become a game that fully centralised offerings can never win.

Quite simply, our current centralised systems were not inherently designed for large-scale storage of PII data, especially given the privacy and security considerations that we have today.

Adding sticky tape to these outdated systems is no longer acceptable. It’s time to change the way we store personal data. Rather than patching up point solutions, we should be considering the following:

  • Reduced centralised data storage
  • Enhanced security through cryptography
  • User control over data
  • Minimised data exposure
  • Immutable audit trails
  • Decentralized verification and authentication
  • Privacy-preserving methodologies
  • Interoperability and standards


From banking to healthcare, streaming sites to concert tickets, and e-commerce to government portals, our daily lives are full of online interactions and transactions. For every service we sign up for and use, we leave some of our data behind. The more valuable that data is to us, the more valuable it is to the hackers, and the bigger target the companies storing it become.

The issue isn’t just that our data is spread across multiple services; it is often spread across multiple systems within the same company.

Introducing more stringent privacy regulations over the past few years is a step in the right direction for consumer protection. However, it does mean more complex compliance processes for businesses, which can be both costly and difficult to keep up with. Phishing scams and ransomware attacks are getting increasingly sophisticated, and in the last 12 months, AI has become an increasingly worrisome problem in the world of data privacy. 

A better way forward

At Nuggets, we believe that adopting a more modern and adaptive CIAM infrastructure can enable transformational shifts in an organisation.

Our verified decentralized self-sovereign identity and payment platform ensures that you as an organisation no longer need to hold or protect PII data, removing any risk of data breaches.

Instead, credentials sit with the customer who controls their use. Within the customer wallet, we combine identity and payments; a unique and powerful proposition that ensures both personal and transaction-based details are available and verified.

Your identity system should help your organisation achieve its goals and be a business enabler. Existing technology can provide the foundations, but without enhancing and improving it with modern components, the old systems alone are no longer fit for today’s ever-evolving requirements - something that is no good for your business or your customers.

Moving to a modern CIAM infrastructure with Nuggets will enable the following:

  • Unparalleled data privacy
  • The elimination of fraud 
  • Full compliance
  • A seamless user experience
  • Increased enterprise efficiencies


You’ll be able to reduce costs, accelerate time to market, reduce risk and ease the compliance burden. 

Existing IAM platforms will provide a foundation for basic customer needs when fully operational. Taking that foundation and overlaying it with a more modular, privacy-first and security-led set of capabilities from Nuggets allows organisations to innovate their existing platforms incrementally. This incremental innovation will improve all aspects of the customer identity lifecycle, from secure onboarding proofing and increases in identity assurance to password-free authentication and improvements in transaction security, ultimately resulting in better customer experience personalisation and, in turn, happier and more productive ecosystems and relationships.

It doesn't need to be all or nothing 

So remember, it doesn’t simply have to be a case of ‘either-or’ with centralised systems. A common misconception is that businesses have to employ one type of model and stick with it. That’s not the case, though. Adding Nuggets’ decentralized components to centralised systems can enhance and improve the privacy and security of existing systems. 

We understand that most enterprises have spent considerable time and money on their identity systems. Ripping that out wholesale and replacing it with a new decentralized system can be worrying and concerning. A better way to think about it is to introduce the Nuggets decentralized layer to your stack. This layer interacts with your existing identity systems, adding benefits and improvements to the areas of the identity lifecycle where decentralisation excels (e.g., Identity Verification, Credential Management, Passwordless Authentication, and Data Management).

Start the transformational journey now 

We need a fundamental shift from purely centralised systems to a more user-centric model. 

You can start from scratch and choose a fully decentralized model for a new business that has yet to build its authentication/authorization process. However, incumbents who have invested significant time and money in existing systems still need to take steps to protect user data better. 

We’ve built Nuggets with a privacy-by-design ethos. Our core mission is to provide progressive enterprises with unparalleled privacy and security through user-centric identity, accelerating the adoption of decentralized data management and a safer and more secure internet.

There is now a better way.

Together, we can help each other and rest easy. If you're passionate about a better way forward for privacy and security, we'd love to hear from you.