The Identity Trilogy: Is this our Greatest Threat?
Brian Hay APM
Executive Director, Cultural Cyber Security Pty Limited
Session Outline
In light of the catastrophic data breaches witnessed around the world in the past 2 years, should we now accept that all of our "physical-world" identities are compromised?
Our passports, drivers licenses, Medicare cards etc, the foundation of our identity in a physical word, the cornerstone of our human validation processes, are compromised. How could we view it any other way?
But what about our "Cyber Identity"? A quick check on various digital intelligence holdings soon confirms that much of our Cyber identity profile, is, or parts of, have also been compromised.
So, what's missing? They know where you live, work, and engage in the world of cyberspace. What's missing is how you behave. How you think. How you form attitudes, how you respond to different situations, how you may be tempted, how you may vote.
What if they could obtain your "Behavioural Identity"? Where could a behaviour profile of you exist today? Marketing companies, casinos, retail outlets have a vested interest in understanding your personal likes, dislikes, and behavioural nuances. If cybercriminals could obtain your personality and behaviour profile, what could this mean to you, your family, your organisation? It could broker a whole new consideration to the "Insider Threat".
This session will explore how criminals will be looking to aggregate the "Identity Trilogy". Our tangible world, our cyber world, our behavioural world. By utilising artificial intelligence across extensive data lakes, exploiting automation tools, the future is in for a shuddering slap in the face. Social engineering on steroids! Having the capability to anticipate our reactions to a set of circumstances, and build in attack methodologies to exploit such situations, demands attention today.
To balance this threat, this session will seek to explore our defences to such threats, and question the future role of government in addressing such concerns. Organisations have legislative accountabilities for the handling of PII data, should behavioural profile data be incorporated in this regulatory regime? Many questions and much to discuss!