Digital security solutions provider, Securemetric Bhd and global non-profit organisation, FIDO Alliance have urged Malaysian businesses to adopt passwordless authentication methods to enhance their cybersecurity measures and protect consumer data.
This call to action was made at the FIDO APAC Summit 2024 that took place today at JW Marriott Kuala Lumpur.
Cybersecurity Malaysia reported a staggering 1,192% increase in data thefts in 2023, while phishing was identified as the top cybersecurity concern by 54% of Malaysian organisations, according to an IDC survey on the state of security operations (SecOps).
This surge can be attributed to the widespread use of vulnerable passwords, which remain a primary target for cybercriminals exploiting weak security practices, underscoring the importance of adopting passwordless authentication in Malaysia.
“Passwordless authentication is still in its early stages in Malaysia. However, with the government’s decision to adopt it and several Malaysian companies following suit, we are seeing a promising beginning in strengthening the nation’s cybersecurity ecosystem.
“However, to sustain the progress, more businesses and organisations needs to get on board and adopt passwordless authentication methods to improve protection against cyber-attacks, safeguard sensitive information and critical infrastructure as well as contribute to creating a safer digital environment for Malaysia,” said Edward Law, Chief Executive Officer, Securemetric Bhd.
Traditional authentication methods such as passwords, present significant risks because they are knowledge-based, difficult to remember, and susceptible to phishing, harvesting, and replay attacks.
According to FIDO Alliance, passwords are responsible for over 80% of data breaches. In contrast, passwordless authentication offers enhanced security by employing advanced measures such as biometric authentication or hardware tokens, which significantly reduce the likelihood of unauthorised access.
“FIDO’s open protocols for user authentication, commonly known as passkeys, are designed to provide users with a simpler and more secure sign-in experience. Unlike passwords, passkeys are always strong and are designed so that there are no shared secrets.
“By taking passwords out of the equation, businesses stand to find significant cost savings through decreased fraud and data breaches – and consumers will be protected by from AI-driven social engineering attacks. FIDO Alliance stands with Securemetric in encouraging Malaysian businesses to eliminate their reliance on passwords,” said Andrew Shikiar, Executive Director & CEO, FIDO Alliance.
Given its advantages, many governments around the world have implemented passwordless authentication, enabling their citizens to securely perform transactions such as tax payments and access government benefits, according to data from FIDO Alliance. These implementations have led to reduced operational costs and enhanced consumer satisfaction.
In Malaysia, the National Agency of Cyber Security (NACSA) is the first government entity to adopt FIDO and passwordless technology. Organisations classified as National Critical Information Infrastructure (NCII) use FIDO as a security token for authentication and safeguarding applications and sensitive data.
“FIDO has gained significant traction due to its interoperability as well as robust security measure, while enabling a consistent and secure user experience across different platforms and services. FIDO-enabled passkeys can be synchronised across devices or linked to a platform or security key, offering a secure and quick alternative to traditional passwords.
“They are more secure than passwords and SMS OTPs, are simpler for users, and make it easier for service providers to deploy and manage. Cloud hosted FIDO authentication servers are also available as a pay-per-use model for companies with smaller IT budgets,” Sea Chong Seak, Chief Technology Officer, Securemetric Technology Sdn Bhd.
The two-day summit featured over 30 speakers and focused on the future of secure, phishing-resistant online authentication. It brought together top industry experts, cybersecurity innovators, and policymakers from Malaysia and the Asia-Pacific region to discuss the latest advancements in FIDO authentication, a set of open, standardised authentication protocols aimed at ultimately eliminating the use of passwords.