Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security

A model of continuous authentication and identification is needed to keep consumers safe.

Sameer Hajarnis, Chief Product Officer, OneSpan

January 9, 2023

4 Min Read
Web 3.0
Source: Dzmitry Dzemidovich via Alamy Stock Photo

The emergence of Web 3.0 came during a pivotal transformation for the world. Though we were told to stay home and limit face-to-face interactions during the COVID-19 pandemic, life had to keep moving. Business needed to proceed as usual, deals needed to be signed, and money still needed to be transferred. Web 3.0 is an opportunity for businesses to embrace a digital future that will make all of this easier.

Many more things can and are being done digitally compared with three years ago, and while the benefits are clear, new risks and challenges have emerged. With the transition to Web 3.0, the attack surface has also shifted to the largely unchecked customer journey. As a result, our information, money, and identity are more vulnerable than ever before.

Trust Levels Have Risen

It's Time for a New Model

Organizations should examine their customer journeys and identify friction points. This will allow them to pinpoint instances throughout the journey that attackers could exploit. Most organizations have identified at least one of these instances and put protective measures in place. For example, before we can view our final bill, we get a text with a six-digit code we must enter before moving any further in the process. These are the right steps, but we must remember that a digital transaction isn't just a one-step process.We're moving toward a model that requires continuous authentication and identification throughout these transactions. This model will look slightly different for each organization, but it ultimately will follow these five steps:Take an unknown identity and turn it into a known one. This should happen at the beginning of every process before any engagement or transaction occurs. Every party involved should prove their identity, whether it be via government-issued ID, biometrics, etc.Once identities are confirmed and verified, individualized credentials should be distributed to access the digital property — whether it be a website, app, electronic document, or virtual environment.Guide customers and consumers through multistep and high-assurance transactions over an interactive, secure virtual environment with various authentication methods.To execute and complete the transaction itself, the process needs to offer strong identity assurance, be equipped with capabilities like digital signature encryption, and comply with the most rigorous security standards and regulations.Many contracts must be stored and maintained as unique, original copies throughout their lifecycle in accordance with laws such as ESIGN, the Uniform Electronic Transactions Act (UETA), and Uniform Commercial Code (UCC) Article 9-105. To ensure the integrity of the document or transaction, you must preserve the chain of custody and capture the audit trail.With a shift in the attack surface, security will need to be woven throughout the journey and throughout workflows, and it will need to be done seamlessly to avoid disrupting the digital experience that exists. As we move into the new year, I anticipate this will be a top priority for organizations and security companies alike, and proving identity and ensuring trust in digital processes will become the defining factor of success.

About the Author(s)

Sameer Hajarnis

Chief Product Officer, OneSpan

Sameer Hajarnis is OneSpan's Chief Product Officer. Sameer has more than two decades of experience in enterprise software and SaaS companies leading cross-functional teams, including managing business development, sales, strategic alliances, and customer success to improve the customer product and service experience. Before joining the OneSpan executive team, Sameer served as Vice President of Growth and Transformation, implementing growth and transformation strategies across the organization. Prior to joining OneSpan, Sameer spent 15 years at OpenText in various leadership positions across the organization’s Analytics division, including as Vice President of Professional Services, where he was responsible for scaling the Professional Services team to deliver enterprise analytic solutions to customers globally. Sameer brings a customer-centric mindset and business focus to the product function at OneSpan. Sameer holds a Bachelor of Science in Computer Engineering from Savitribai Phule Pune University and an MBA from the Institute of Management and Development & Research in India.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights