Identity Management to Reduce the Costs of Cybercrime
Purpose: This article aims to assess the role of digital identity management in increasing supply chain resilience to cyber incidents and to identify good practices and recommendations by eliminating potential vectors of cybercriminal attacks.
Design/Methodology/Approach: The study is based on a literature review and an analysis of legal regulations and standards regarding cryptographic security and trust levels in electronic identification. Current secure authentication standards and recommendations for password-less authentication, as well as recommendations for transitioning to post-quantum cryptography, were considered. The research question was formulated: What impact do decentralized digital identity management and the adaptation of authentication systems to the requirements of the definition of "dynamic authentication" have on risk and cost minimization? In accordance with the research question, a research hypothesis was formulated, which assumes that adapting authentication systems to the requirements of post-quantum cryptography and decentralized digital identity management combined with password-less authentication significantly eliminate the risks and costs of cybersecurity incidents related to the human factor in authentication. Compliance with the "dynamic authentication" requirements by suppliers, including suppliers, eliminates numerous supply chain risks related to cybercrime.
Findings: The results of the analysis indicate that eliminating cybercrime risks requires changing the approach to digital identity management to a decentralized one and increasing the levels of cryptographic security. It turns out that implementing regulations regarding "dynamic authentication" in relation to OTK can eliminate most of the threats known today and significantly reduce the scale of losses caused by cybercrime.
Practical implications: The proposed methodology and study results provide valuable recommendations for organizations seeking to eliminate the risk of cybercrime and ensure compliance with applicable European Union regulations. Deploying IAM/IMS systems that implement "dynamic authentication" reduces operational risk, and regulatory compliance also eliminates the risk of significant fines. The article emphasizes the importance of continued research, particularly into solutions focused on machine and device identity management.
Originality/value: Previous research has focused on quantum resistance, MFA, biometrics, or password-less authentication. This paper proposes a methodology that takes a comprehensive approach to identity and access management (IAM/IMS) and incorporates a different approach to mitigating human error. Furthermore, perhaps for the first time, criteria for evaluating digital identity management standards and authentication technologies are proposed.