Just like driving, cybersecurity has blind spots too. In fact, cybersecurity has two major blind spots – identity and trust. A good example is a doubly insecure authentication scheme: SMS-based password recovery renders SMS-based two-factor authentication (2FA) completely useless, because control of the phone number alone is then enough to reset the password and pass the second factor.
Security is only as good as the weakest link, i.e., pairing an insecure authentication method with a secure option provides no security benefits at all. Globally, roughly 80% of data breaches are caused by compromised identity and broken trust. Unfortunately, network- and content-focused security models are blind to these breaches. Not all breaches are brute-force attacks; in fact, some attacks are quite subtle and silent, using unchecked trust.
More importantly, a good UX should lead to good security, but that’s not always the case. Using SMS for both password recovery and 2FA may be a good frictionless UX, but it is certainly a poor security design. One possible solution is to pair the UX design process with a threat modelling exercise from very early on.
Alternatively, just like side mirrors and head checks, machine learning and automation can prevent these cybersecurity blind spots by modelling threats and risks continually and in real time.
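The weakest-link point about SMS recovery and SMS 2FA can be checked mechanically during a threat modelling exercise. The following is an added example, not code from the original post: it counts how many independent factors an account design really demands once recovery flows are considered. The factor names and the hardened recovery flow with a `backup_code` are constructed assumptions.

```python
from itertools import combinations

# Constructed account design (assumption, not any real product):
# factors the user must present to log in.
LOGIN = {"password", "sms_code"}
# Recovery flows: factor being reset -> factors required to reset it.
RECOVERY_SMS = {"password": {"sms_code"}}
RECOVERY_HARDENED = {"password": {"sms_code", "backup_code"}}  # hypothetical fix


def reachable_factors(controlled, recovery):
    """Factors held after repeatedly using every recovery flow whose
    requirements are already satisfied (fixed-point closure)."""
    held = set(controlled)
    changed = True
    while changed:
        changed = False
        for target, required in recovery.items():
            if target not in held and required <= held:
                held.add(target)
                changed = True
    return held


def minimal_takeover_sets(login, recovery):
    """Smallest sets of independently compromised factors that are
    enough to pass `login` once recovery flows are taken into account."""
    universe = sorted(set(login) | set(recovery) | set().union(*recovery.values()))
    for size in range(1, len(universe) + 1):
        hits = [set(c) for c in combinations(universe, size)
                if login <= reachable_factors(c, recovery)]
        if hits:
            return hits
    return []


def effective_factor_count(login, recovery):
    """Number of independent factors the design actually requires."""
    sets = minimal_takeover_sets(login, recovery)
    return len(sets[0]) if sets else 0


if __name__ == "__main__":
    for name, rec in [("SMS recovery", RECOVERY_SMS),
                      ("hardened recovery", RECOVERY_HARDENED)]:
        print(name, effective_factor_count(LOGIN, rec),
              minimal_takeover_sets(LOGIN, rec))
```

A result of 1 for a login that nominally asks for two factors is the blind spot described above: the second factor adds nothing because one channel unlocks both.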