Web 3.0: New attack surfaces increase the need for continuous security

The emergence of Web 3.0 came at a time when the world was changing fundamentally. At a time when people were told to stay at home and limit personal contact, life had to go on. Business had to continue as usual, contracts had to be concluded and money had to be transferred. Web 3.0 became an opportunity for companies to tap into the digital future.

Today, everything can and is done digitally, and while the benefits are clear, new risks and challenges have emerged. With the transition to Web 3.0, the attack surface has also shifted to the largely uncontrolled customer journey. As a result, our information, money and identity are more vulnerable than ever.

Ten years ago it was still a big deal to buy something online for 20 euros, but nowadays we make bulk purchases online without even batting an eyelid. Our convenience has increased tremendously over the years and will continue to grow. We might have only made small purchases at first, but today high-value transactions such as loans, money transfers and insurance claims are processed digitally, which means greater precautions need to be taken to keep things safe.

At the consumer level, platforms like Apple Pay and Amazon Pay have emerged, bringing a sense of trust and security to online purchases. We feel comfortable when we can pay with Apple Pay. However, when asked to enter our personal credit card information, many of us stop and consider whether the website or provider is legitimate. Such a system does not yet exist for high-value business transactions. Nor is there a system for assuring that a company really is what it claims to be, that a connection is valid, or that the loan we are signing is real. The transition to a digitized world happened so quickly that no one thought about the fact that we need to make sure the process itself is legitimate.

There’s a reason phishing attacks have increased by 61% since 2021, and why bots are more prevalent today than they were five years ago: attackers recognized an opportunity and seized it. As an industry we are at an impasse, because our solutions have focused on protecting endpoints, but now we need to secure complete digital processes and the customer journey. We have to consistently prove our identity. Solutions like multi-factor authentication (MFA), biometrics and token-based authentication do some of the work today, but unfortunately that’s not enough. Almost every week we hear about sophisticated BEC scammers bypassing MFA using tactics like AitM (adversary-in-the-middle) phishing attacks.

Companies should examine their customer journeys and identify critical points. In this way, they can spot points throughout the customer journey that attackers could exploit. Most companies have recognized at least one of these sticking points and taken protective measures.

For example, before we can see the final invoice, we receive a text message with a six-digit code that we must enter before we can continue. These are the right steps, but we must not forget that a digital transaction is not a one-step process.

Security in Web 3.0

We are moving towards a model that requires continuous authentication and identification during these transactions. This model will look slightly different for each company, but ultimately the model will consist of the following five steps:

  1. An unknown identity is converted into a known identity. This should be done at the beginning of each process, before any transaction takes place. Each party involved should prove their identity, be it through biometric data or an ID card.
  2. Once identity verification is complete, individual credentials should be distributed to access the digital property – whether it is a website, an app, an electronic document, or a virtual environment.
  3. Clients and consumers should be guided through multi-level and highly secure transactions via an interactive, secure virtual environment with various authentication methods.
  4. In order to conduct and complete the transaction itself, the process must offer strong identity security, be equipped with features such as encryption of digital signatures, and comply with the strictest security standards and regulations.
  5. Many contracts must be stored and retained as unique original copies throughout their life cycle in accordance with laws such as ESIGN, UETA and UCC Articles 9-105. To ensure the integrity of the document or transaction, you must maintain the chain of custody and capture the audit trail.
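Step 5 calls for maintaining the chain of custody and capturing an audit trail so that a stored contract can be shown to be the unique original. One common way to make such a trail tamper-evident is a hash chain: every custody event records the document's SHA-256 digest and the hash of the previous event, so deleting, reordering or rewriting any event breaks the chain. The following is an added example written for this page, not code from the article or any vendor named in it; the contract text, party names and event types are constructed sample data.

```python
"""Hash-chained audit trail for a signed document's chain of custody.

Added example, not part of the original article. All document contents,
actor names and event descriptions are constructed sample data.
"""
import dataclasses
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional

# Sentinel "previous hash" for the first event in a trail.
GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class AuditEvent:
    seq: int             # position in the trail, starting at 0
    actor: str           # who touched the document (constructed names)
    action: str          # e.g. "created", "viewed", "signed", "archived"
    document_hash: str   # SHA-256 of the document bytes at this point
    prev_hash: str       # event_hash of the previous event (GENESIS for the first)
    event_hash: str      # SHA-256 over all of the fields above


def _digest(seq: int, actor: str, action: str, document_hash: str, prev_hash: str) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    payload = json.dumps([seq, actor, action, document_hash, prev_hash],
                         separators=(",", ":")).encode()
    return sha256_hex(payload)


class AuditTrail:
    def __init__(self) -> None:
        self.events: List[AuditEvent] = []

    def record(self, actor: str, action: str, document: bytes) -> AuditEvent:
        """Append a custody event linked to the previous one."""
        seq = len(self.events)
        prev = self.events[-1].event_hash if self.events else GENESIS
        doc_hash = sha256_hex(document)
        ev = AuditEvent(seq, actor, action, doc_hash, prev,
                        _digest(seq, actor, action, doc_hash, prev))
        self.events.append(ev)
        return ev

    def verify(self, current_document: bytes) -> Optional[str]:
        """Return None if the trail is intact, otherwise describe the first problem found."""
        prev = GENESIS
        for i, ev in enumerate(self.events):
            if ev.seq != i:
                return f"sequence gap at position {i}"
            if ev.prev_hash != prev:
                return f"broken chain link at event {i}"
            expected = _digest(ev.seq, ev.actor, ev.action, ev.document_hash, ev.prev_hash)
            if not hmac.compare_digest(expected, ev.event_hash):
                return f"event {i} was altered after recording"
            prev = ev.event_hash
        # The archived copy must match the state recorded by the last event.
        if self.events and not hmac.compare_digest(
                sha256_hex(current_document), self.events[-1].document_hash):
            return "document content does not match the last recorded state"
        return None


def build_sample_trail():
    """Constructed sample: a loan agreement that is created, viewed, signed and archived."""
    contract_v1 = b"LOAN AGREEMENT v1: amount 10000 EUR"
    contract_signed = contract_v1 + b"\nSIGNED: alice, bob"
    trail = AuditTrail()
    trail.record("lender-portal", "created", contract_v1)
    trail.record("alice", "viewed", contract_v1)
    trail.record("alice", "signed", contract_signed)
    trail.record("bob", "signed", contract_signed)
    trail.record("archive-service", "archived", contract_signed)
    return trail, contract_signed


def tamper_by_editing_event(trail: AuditTrail) -> AuditTrail:
    """Copy the trail but rewrite the actor of event 1 without recomputing its hash."""
    t = AuditTrail()
    t.events = [dataclasses.replace(ev, actor="mallory") if ev.seq == 1 else ev
                for ev in trail.events]
    return t


def tamper_by_deleting_event(trail: AuditTrail) -> AuditTrail:
    """Copy the trail but drop the 'viewed' event, as if hiding who accessed the document."""
    t = AuditTrail()
    t.events = [ev for ev in trail.events if ev.action != "viewed"]
    return t


if __name__ == "__main__":
    trail, signed_doc = build_sample_trail()
    print("intact trail:", trail.verify(signed_doc))
    print("altered document:", trail.verify(signed_doc + b" amount 100000 EUR"))
    print("edited event:", tamper_by_editing_event(trail).verify(signed_doc))
    print("deleted event:", tamper_by_deleting_event(trail).verify(signed_doc))
```

In a real archive the last event hash would additionally be signed or anchored in an independent store, since a hash chain alone only detects changes made by someone who cannot rewrite the entire trail; the retention laws the step names (ESIGN, UETA, UCC) are about the legal status of the record, which this check supports but does not by itself establish.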

As the attack surface shifts in Web 3.0, security must be integrated throughout the process and workflows, seamlessly so as not to disrupt the existing digital experience. Looking ahead to the new year, it can be assumed that this topic will be a top priority for both companies and security service providers and that proof of identity and ensuring trust in digital processes will become a decisive success factor.


(c) it-daily