29 Jan

6 Min read

2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train

January 29, 2024 Phil Dunkelberger 0 comments

2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train

By Phil Dunkelberger

Why is the security industry still thriving, why do we have so many claiming to be the ultimate protector of your precious data? Maybe there is a reason why malware seems to be multiplying. In January 2020, just before the pandemic I was a guest speaker at CES, I talked about how in 2019 just over 8 billion devices connected to the internet. As of the end of 2023 that number has almost doubled to 15 billion devices. That is people and things connecting and accessing data – all of which need to be authenticated and protected. This is why phishing, malware and other bad actors make the security industry so necessary and important.

So, as we lean in into 2024, it’s time to see what might be in store for this ever-evolving realm of digital defense. Spoiler alert: it’s a mixed bag of consolidation, ROI pressure, AI hype, and regulatory crackdowns. While you may be looking for the silver bullet, there is no cure for constant vigilance training and awareness of security issues.

1. Further Consolidation? Groundbreaking!

We can’t avoid it, it is almost a constant now in our industry – consolidation. It’s like a never-ending game of cybersecurity Tetris, where the bigger players gobble up the smaller ones, and we all pretend to be surprised. What’s next? Well, expect even more consolidation (remember Symantec or McAfee), especially among companies dabbling in machine learning, AI, and encryption. First quarter of 2023 alone there were 10 announced consolidations! But what started out looking like a lot of activity, overall 2023 was actually a slow year for M&A in the security industry.

You see, there are so many of them out there, all claiming to be the superheroes of security. But here’s the rub: they often have overlapping technologies, creating a cacophony of confusion for customers. So, it’s survival of the fittest, and the biggest fish in the cyber-pond will swallow up the minnows. Just remember, when your favorite cybersecurity startup disappears, it’s probably because they got gobbled up by a larger fish. Bon appétit!

2. ROI: Prove It or Move It

So when the M&A market is slow, as a company you need to focus more on proving ROI so you can garner customers – the pressure is on. Gone are the days when a snazzy logo and some jargon-filled marketing materials were enough to convince businesses to part with their precious dollars for cybersecurity solutions. In 2024, the name of the game is “Show me the money!” or more accurately, “Show me the ROI!”

It’s not enough for companies to claim they can save you from cyber-calamities; they’ll need to demonstrate real-world results. No more smoke and mirrors, folks. Cybersecurity providers will be under intense pressure to prove the effectiveness of their solutions. Fancy algorithms and buzzwords won’t cut it anymore. If they can’t show how they’re actually preventing breaches or mitigating threats, they might as well pack up their snake oil and hit the road.

There will also be the need to demonstrate ROI across more teams within your overall organization. Gone is the day that the CISO alone can make the decision. With so many projects in motion with companies and security needing to integrate into almost every application – the “Prove it and Show me” tour internally is a longer road.

3. AI and Machine Learning: Hype and Reality in a Three Sided Coin?

AI and machine learning, the darling buzzwords of the tech world. Every cybersecurity company wants you to believe that they’ve trained an army of sentient robots ready to defend your data. But hold your cyber-horses, because in 2024, the AI hype train might just run out of steam.

Sure, AI and ML have their place in cybersecurity, but they’re not the magical panaceas some claim them to be. Their effectiveness needs to be proven in real-world scenarios, not just in glossy brochures. So, while companies will continue to ride the AI wave, users should keep their skepticism shields up. After all, no algorithm can replace good old-fashioned human vigilance and common sense when it comes to staying secure.

Be forewarned – AI is a three sided coin. There absolutely is benefit in AI that both the attacker and defender need to learn how to take advantage of – but it is the one who learns best to take advantage of the “edge” – finds the margin – that will win using AI in the security world.

4. Regulatory and Privacy Demands: Brace for Impact

Now, here’s the sobering part of our prediction party – on a global and regional basis. Brace yourselves for more regulatory and privacy demands in the cybersecurity landscape worldwide. Meeting regulatory requirements is no longer a broad checkbox item, it is regionally and vertically critical that security vendors address the regulations. As if navigating the labyrinth of cybersecurity compliance wasn’t already fun enough, we can expect even more rigorous standards and potentially more severe consequences for companies that fall short.

This too is not unlike the consolidation shifts we see every so often – this is a pendulum swing that follows the pace of new technology. We see AI burst onto the scene along comes regulation, some might call it a knee-jerk reaction but when you are dealing with personal identifiable information (PII) or corporate information – intellectual property (IP) – the road is complex. We have some examples that have helped along the way like PSD2, the FIDO standard and the recent introduction of passkeys. But there is a long way to go. Just as seatbelts (or airbags) didn’t stop people from being injured in car accidents.

With cyber-threats becoming more sophisticated and data breaches making headlines, governments and regulators need to be on top of the latest new technologies.. They want to ensure that companies take data protection seriously. So, don’t be surprised if you find yourself buried in a mountain of compliance paperwork and facing hefty fines for non-compliance. It’s the price we pay for playing in the digital sandbox, folks.

The security industry in 2024 promises to be a whirlwind of further consolidation, ROI scrutiny, AI skepticism, and regulatory headaches. As businesses and individuals rely more than ever on digital platforms, the pressure on the cybersecurity industry to deliver real, measurable results is mounting. While there may be challenges ahead, it’s all in the name of keeping our digital world safe. So, stay vigilant, demand proof, and keep your cybersecurity wits about you in this brave new era of digital defense.

13 Apr

7 Min read

Nok Nok Expands S3 Authentication Suite

April 13, 2023 Nok Nok News 0 comments

Nok Nok Expands S3 Authentication Suite to Meet the Needs of Government, Regulated, Payment, and E-Commerce Organizations

New capabilities include regulatory compliance and risk management, synced passkeys, secure payment confirmation, and more

San Jose, CA – April 13, 2023 – Nok Nok , a leader in passwordless authentication for the world’s largest organizations, today announced the latest release of the Nok Nok™ S3 Authentication Suite (S3 Suite) that delivers four new capabilities designed to meet the needs of regulated industries, payments markets, and e-commerce organizations. For government organizations or highly regulated industries such as healthcare, finance, and insurance, the new offering simplifies the ability to comply with security and regulatory requirements, including identifying known and unknown devices. Additional new features help e-commerce organizations reduce friction for consumers. Payment companies will also benefit with new features in the S3 Suite that address Secure Payment Confirmation (SPC) for approving high value financial transactions in web browsers.

With the increasing rise in cyber threats, security professionals are faced with heightened complexity. Not only are they navigating how to implement best practices and respond to federal mandates as they develop, but they also must be responsive to their own users and consumers without preventing their access to services or causing user friction. Organizations that are highly regulated industries are also under enormous pressure and must be prepared to respond to and comply with government and industry regulations. The Nok Nok S3 Suite leverages a wide range of authenticators, including biometric and non-biometric modalities to help meet regulatory compliance, address NIST SP800-63 and SP800-157 standards, and support various authentication needs. By integrating with an organization’s security solutions, the S3 Suite provides additional contextual information and leverages scores provided by external risk engines and behavioral biometric systems.

“The war against cyber criminals has not let up and the job of being a security professional continues to be more difficult as new mandates from the White House have been added to the list of compliance requirements. And if you are an international organization, EU and Asia requirements add to the compliance complexity. We are excited to address these compliance needs and broaden the reach of our technology into these regulated markets. Organizations operating in finance, enterprise, e-commerce and government are up against increased pressure to comply and regulation is only expected to become more stringent in the years to come,” said Phil Dunkelberger, CEO of Nok Nok. “We co-founded the FIDO Alliance to make it easier to implement strong, passwordless authentication solutions for consumers and enterprises. Now, we are expanding our offering to companies in key regulated sectors that need to be able to quickly and efficiently respond to the evolving regulations coming from the US and foreign governments.”

New government and regulated industry support includes:

Passkeys. With the rise in adoption of synced passkeys, regulated organizations need to be able to understand whether users are using their passkey with a known device or on a new device. When new devices are introduced for the first time, regulated organizations typically need to trigger additional verification steps to ensure the device belongs to the legitimate user. With the Nok Nok S3 Suite v9, organizations can easily configure authentication rules that detect the use of new devices and configure methods in order to verify whether the device is used by the legitimate user.
Support for Security Key Tracking and Inventory. New capabilities allow organizations in highly regulated industries such as healthcare, insurance and banking, to monitor and track users that are using the security key(s) they were given by their employer. With these new product features, organizations can “attest” that a user is using the security key they were issued – not a third party key – and meet security and regulatory requirements.

New E-Commerce and Consumer support includes:

Synced passkeys. Asking users to provide a password reduces enrollment conversion rates and requiring a password at checkout negatively impacts the checkout conversion. Today’s release of the S3 Suite with synced passkey features allows consumers from any of their devices to access e-commerce sites by easily signing in using biometrics instead of using a password. Additionally, the synced passkey feature enables merchants to reduce friction at sign-up, making it easier to engage personally with the customer, enroll them in loyalty programs, automate billing, and collect specific data which has become more difficult with 3rd party cookies being deprecated.

New Payment support includes:

Secure Payment Confirmation. While today’s strong customer authentication two-step-verification is more secure, it is still perceived as inconvenient to the consumer. The introduction of W3C Secure Payment Confirmation (SPC) into the S3 platform is similar to integrating a POS terminal into your browser that allows the user to use device biometrics instead of a card and (one-time) PIN. Support for SPC has been added to the EMVCo 3D Secure specification that is widely used for online card payments. For customers in the buying process, SPC dramatically cuts down on friction. This new SPC method extends the existing transaction confirmation capabilities of the Nok Nok S3 Suite making it the first choice for banks, payment service providers, and e-commerce merchants intending to implement delegated authentication.

“We have heard it said many times, removing passwords can improve time and effort spent handling password resets and account lockouts ; it reduces friction and improves the user experience, and it can drastically reduce risk,” said Jack Poller, senior analyst Enterprise Strategy Group. “As easy as it sounds, the complexity of replacing passwords while still staying compliant in regulated industries or meeting government regulations can be very complicated. Leveraging its history delivering FIDO-based strong authentication into enterprise and consumer markets, Nok Nok rolls out a set of capabilities that will ease the replacement of passwords in some of the most demanding environments. IT and security operations are trying to handle increased complexity in their environments every day; standards-based, passkey solutions should be high on their lists for first defense.”

The Nok Nok S3 Authentication Suite includes an Authentication Server and App SDKs for mobile, web and smartwatch applications. It leverages the security capabilities already present on a user’s device to bring strong and convenient authentication to any application. The S3 Suite enables organizations to easily turn a user’s device into a strong, multi-factor authentication method through support for all FIDO protocols, including passkeys.

With the S3 Suite’s rich set of capabilities, organizations can support the full customer lifecycle from frictionless on-boarding, progressive profiling, easy bootstrapping of new devices, account recovery, suspension and deprovisioning of users, to call center authentication support.

Press assets:

Learn more about the latest Nok Nok Authentication S3 Suite.

About Nok Nok

Nok Nok is a leader in passwordless customer authentication and delivers the most innovative FIDO (Fast IDentity Online) solutions for the authentication market today. Nok Nok empowers organizations to dramatically improve their user experience and security, and reduce operating expenses, while enabling compliance with the most rigorous privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-enabled passwordless customer authentication. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in next-level, multi-factor authentication. Nok Nok’s global customers and partners include AFLAC Japan, BBVA, Carahsoft, Fujitsu Limited, Hitachi, Intuit, Mastercard, MUFG Bank, NTT DATA, NTT DOCOMO, Standard Bank, T-Mobile, and Verizon.

For more information, https://staging.noknok.com/.

17 Feb

1 Min read

Nok Nok Featured on Keen On

February 17, 2023 Nok Nok News 0 comments

Nok Nok on KEEN ON. When Will Silicon Valley Fix its Annoying Password Problem? Nok Nok’s Phillip Dunkelberger on digital technology that might finally kill the online password as featured on the KEEN ON podcast with Andrew Keen. In this KEEN ON episode, Andrew Keen talks to Nok Nok CEO Phillip Dunkelberger on digital technology that, he promises, will finally kill the online password.

View more KEEN ON content here and enjoy additional Nok Nok Videos here.

23 Jun

3 Min read

Learn More About Passwordless Authentication With This Master Class

June 23, 2022 Nok Nok News 0 comments

More businesses are seeing both the convenience and cost benefits of integrating devices and data and cloud-based application and storage systems. After all, if an employee working abroad needs to access data, it’s more efficient to be able to do so from a smartphone with access to an online database than it would be for that employee to have to return to the home office and access the data from their own desktop computer. However, this convenience means that there needs to be more consideration for cybersecurity, which can be a serious vulnerability for many companies.

If you’d like to learn more about how authentication failures affect businesses and how passwordless authentication can overcome these challenges, register for a free Live Masterclass Webinar:

Topic: The Cost Of Password Authentication Failures

Day: Tuesday, June 28

Time: 2:00 pm, EDT

Topic: The Cost Of Password Authentication Failures

Panelists:

Jim Delli Santi: VP Marketing/Strategy Nok Nok Labs

Phil Dunkelberger: President/CEO Nok Nok Labs

Larry Ponemon: Founder/Chairman Ponemon Institute

Attend this webinar and learn to balance strong security with ease of accessibility.

Older Security Is Vulnerable Security

Cybersecurity is only as robust as the people willing to follow its guidelines, which is where passwords, one of the oldest security measures, can fail. Current recommendations for passwords are that they are “strong,” which often means a long string of 8-16 randomly selected alphanumeric characters, making it almost statistically impossible to guess.

However, this recommendation can be difficult to follow since it also means passwords that are challenging to remember. Some will ignore the guidance in favor of easy-to-remember passwords, such as names, phrases, or other mnemonic triggers, which are also easy to guess.

Disruptive Consequences

Authentication disruption can occur on both sides of a business. A client or customer that ignores protocol can have weak passwords stolen or compromised. This can result in losing account control, sometimes funds, and eventually, trust in the company.

However, enforcing a strong password protocol can also result in customer loss. Hard-to-remember strong passwords can sometimes result in multiple log-in failures or even be so difficult they discourage clients and convince them to take their business elsewhere where protocols are less stringent and more vulnerable.

The Financial Consequences

Another area where cybersecurity disruptions can have a significant negative impact is work efficiency. Disruptions can be as minor as a build-up of inefficiencies or outright failure due to security disruptions. On the most extreme end, however, criminal activity like “ransomware” can lock users out of their data until money is paid to the hackers to revert control.

30 Mar

3 Min read

What Is The Ponemon Institute?

March 30, 2022 Nok Nok News 0 comments

There’s a popular saying in the modern-day that “facts don’t care about your feelings.” Nowhere is this more true than in the field of cyber security where, just because you have a good feeling that your data is safe, this doesn’t make it actually true. The facts, like the level of cyber security maintained and the security practices followed, will be the determining factors.

One of the best ways to maintain and practice cyber security is to have experts make recommendations. In this capacity, the Ponemon Institute is a critical ally to companies, schools, and any organization concerned with ensuring their networks and data are secure.

Just The Facts

The Ponemon Institute was created in 2002 by Dr. Larry Ponemon and Susan Jayson. It is an organization dedicated to two principles: studying information security and privacy issues and educating people about those results and their implications. It’s an independent organization dedicated to objective study and gathering data to present it without bias or agenda. In other words, the Ponemon Institute studies issues of cyber security and privacy and then faithfully preserves the data acquired from those studies.

The Ponemon Institute covers both the issues of preserving data privacy, such as handling personal data of clients or patients, and it also covers security issues, such as preventing financial data, social insurance numbers, or credit card numbers from being stolen by cybercriminals.

The Institute has worked with pharmaceutical companies, financial services, telecommunications companies, hospitality, government sectors, and many more to identify the costs of data breaches as well.

Learning From The Data

The results derived from Ponemon Institute studies have a broad array of implications for cyber security. They can accurately measure the costs and losses involved with network breaches and data theft. They can show the effectiveness and cost efficiencies that come with implementing one type of network security, such as biometrics, over another, such as traditional single-password systems.

This data is not just useful for the organizations that have conducted studies. It can benefit anyone through education. Cyber security is not the only important thing; data privacy is as well. It’s not enough to ensure that companies protect their own data; the private personal data of individuals must be protected from corporate exploitation as well, especially today as Trust and Safety becomes a new category of enterprise value.

These concerns of modern cyber security form the cornerstone of the Ponemon Institute’s studies. With their data, implementing new security measures, such as multi-factor authentication and cryptographic biometric authentication, can be assured of greater effectiveness. If you’re interested in modernizing your digital security using the latest research and data, you can learn more here about Nok Nok’s modern identity and passwordless authentication and how it protects multifactor security measures.

02 Nov

1 Min read

Nok Nok’s founder named Authentication Visionary

November 2, 2021 Nok Nok News 0 comments

Nok Nok’s founder named Authentication Visionary. Nok Nok’s founder and CEO, Phil Dunkelberger has been named a visionary by Goode Intelligence for his work in authentication, encryption, and security. Enjoy this interview with Alan Goode the CEO and Chief Analyst at Goode Intelligence.

Contact Us

Latest Posts

Navigation

Please complete this form to view and download this resource.

2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train

2024 Security Industry Predictions: Consolidation, ROI, and the AI Hype Train

By Phil Dunkelberger

1. Further Consolidation? Groundbreaking!

2. ROI: Prove It or Move It

3. AI and Machine Learning: Hype and Reality in a Three Sided Coin?

4. Regulatory and Privacy Demands: Brace for Impact

Nok Nok Expands S3 Authentication Suite

Nok Nok Expands S3 Authentication Suite to Meet the Needs of Government, Regulated, Payment, and E-Commerce Organizations

New capabilities include regulatory compliance and risk management, synced passkeys, secure payment confirmation, and more

Nok Nok Featured on Keen On

Learn More About Passwordless Authentication With This Master Class

Panelists:

Older Security Is Vulnerable Security

Disruptive Consequences

The Financial Consequences

What Is The Ponemon Institute?

Just The Facts

Learning From The Data

Nok Nok’s founder named Authentication Visionary

Contact Us

Contact and Subscribe

Latest Posts

Navigation

Please complete this form to view and download this resource.

Submit to Download Forms