The digital world is transforming the way we live and work, but it is also creating new vulnerabilities for cybercriminals to exploit. As we become more reliant on technology, the cybersecurity threat landscape continues to evolve, with attackers leveraging increasingly sophisticated tactics to breach systems and steal data. This is compounded by the emergence of AI-powered chatbots like ChatGPT, Bing AI Chat, and the newly released Google Bard AI, which make it easier for cybercriminals to launch attacks and harder for victims to detect and defend against them.
Despite the ever-increasing sophistication and volume of threats, the internet remains an essential part of our daily lives, with most of us relying on it for everything from communication to entertainment and ecommerce. In fact, a recent study found that 85% of Americans use the internet daily, and 31% are online almost constantly. As our dependence on digital connectivity increases, governments worldwide are taking new steps to protect their citizens and mitigate risks.
To address rising concerns about cybersecurity, many countries have implemented national ID card programs, while others are currently considering the introduction of similar schemes. At the Prime Minister’s Cyber Security Roundtable in late February 2023, Australian Prime Minister Anthony Albanese confirmed that there was an urgent push in developing a national digital ID (eID) card.
The Australian government intends on establishing the proposed ID cards as a primary means of identification. The cards will be designed to incorporate biometric data, making them compatible with facial recognition technology. By doing so, the government hopes to reduce the amount of personal data that organisations need to store for identification purposes, and to minimise the risk of data breaches that could compromise Australians’ personal information or identities.
In their proposal, the Albanese government also clarified that the system will initially be introduced on an opt-in basis, expanding on a similar system that was introduced to the myGov portal in 2022, with the aim of increasing uptake over time. The new ID cards will also eventually offer additional benefits beyond the current system. For instance, they will enable individuals to attach other personal documents, such as Medicare cards, vaccination records, and university transcripts.
It’s a move that’s backed by banks and telcos who are required to collect and hold personal data to comply with government requirements. ANZ Bank’s CISO, Lynwen Connick, has been a vocal supporter of the proposal, pointing out that because of “huge vulnerabilities in our national identity capability”, developing a secure eID should be a priority in Australia’s cybersecurity strategy.
It’s not the first time such a scheme has been proposed in Australia, with Prime Minister Bob Hawke pushing for a rudimentary version of a national ID card in the 1980’s. Dubbed the “Australia Card”, the proposal generated a storm of protest from the public at the time and was repeatedly rejected in the Senate, leading it to be abandoned in 1987. So, why now the change of heart?
For starters, since the 80’s we’ve seen the benefits of similar systems in other parts of the world. More than 20 years ago, Estonia introduced a secure digital ID to authenticate identities when citizens were looking to access government and private services safely online. Over time, the eID card has eliminated the need for additional identification methods such as driver’s licenses and health insurance cards, and allows Estonians to vote online, organise prescriptions, submit tax claims, and much more with just their ID and a secret pin. It’s now considered one of the most advanced digital ID systems in the world, and Carmen Raal, the digital transformation adviser at e-Estonia, stated that “there are currently two things you can’t do online in Estonia and that’s get married and divorced. Everything else is possible”.
Although there have been no studies directly examining the correlation, the National Cyber Security Index ranks Estonia fourth in the world for cyber security. Other European nations have since followed Estonia’s lead, and there are currently four other countries in the EU with mature digital identity programs: Belgium, Germany, France, and Ireland. Each of these countries has implemented robust digital identity systems to enhance their cybersecurity measures, and their rankings also reflect the benefits. Belgium ranks second, Germany ranks sixth, France ranks thirteenth, and Ireland ranks twenty-sixth on the same list.
In the coming years, more countries are expected to adopt similar systems. Starting in 2024, every European Union (EU) member state will be required to offer a Digital Identity Wallet to any citizen who requests one. By 2030, they anticipate that 80% of citizens will be using an eID solution.
However, the implementation of similar services in other countries has not always resulted in a positive impact on cybersecurity. In 2009, India rolled out their digital identification system, Aadhaar, which involves collecting the biometric and demographic data of citizens. It remains the largest biometric database in the world and is a primary way for citizens to access government services, including welfare.
Since its release, the system has been plagued with problems, including privacy concerns, exclusion errors, security issues, implementation challenges, and the legality of the Aadhaar has also been questioned. Critics have noted that India “has engaged in a fierce debate of its own over whether Aadhaar violates individuals’ privacy, whether it is secure from hacking, and whether any entity, public or private, should have the ability to pool our full digital profiles.”
These concerns are not unfounded as the system has suffered a number of data breaches since its launch. Most recently, in 2022 it was reported that the website for Pradhan Mantri Kisan Samman Nidh, a government service aimed at providing basic financial income to Indian farmers, was revealing recipient’s Aadhaar numbers. However, the most significant breach came in 2018 when a database containing the personal information of more than a billion Indians was listed for sale online for the equivalent of USD $7, accessed through a hack on the Aadhaar system. At this time, it was also revealed that software was being sold online which would provide individuals with the opportunity to access government services that provide free meals and subsidised grain. Months earlier in November 2017, it was found that 200 government websites were publicly publishing the Aadhaar numbers of citizens, as well as their names, address, and bank details.
To mitigate potential cybersecurity issues, such as the ones seen in India, proponents say that digital ID systems should be designed with strong security features, such as impenetrable encryption, multi-factor authentication, and frequent updates to patch potential vulnerabilities and weaknesses. Countries should also provide their citizens with thorough education on best practices for digital ID security, and cybersecurity in general, such as not sharing their credentials and using secure passwords.
Countries like Estonia and Belgium have demonstrated that these systems can be effective, but ultimately, the success of national ID card programs will depend on how well they are designed, implemented, and secured. We would love to hear your thoughts on the viability of such a program in Australia. Share your thoughts in the comments below.
Keeping businesses safe and secure
While digital IDs may help to the amount of data accessed in the wake of an attack, prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.
MailGuard provides a range of solutions to assist businesses in the event of a critical incident or disaster, from email filtering to prevent threats, to email continuity and archiving solutions to help companies maintain ongoing operations and to recover if a critical incident or disaster does occur. Speak to your customers today to ensure they’re prepared for the worst or get in touch with our team to discuss strengthening your customer’s cyber position.
Talk to us
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 282 2
UK partners call 0 800 404 8993
We’re on Facebook, Twitter and LinkedIn.
