{"id":238,"date":"2024-09-13T10:01:00","date_gmt":"2024-09-13T10:01:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=238"},"modified":"2024-09-13T10:01:00","modified_gmt":"2024-09-13T10:01:00","slug":"aflacs-shift-to-passkeys-brings-big-business-benefits","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=238","title":{"rendered":"Aflac\u2019s shift to passkeys brings big business benefits"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

At supplemental insurance provider Aflac, safeguarding information collected on behalf of employees and the customers and businesses they serve is a key tenet of the company\u2019s culture, says Tim Callahan, global CISO.<\/p>\n

\u201cCybercriminals are innovative, willing to take risks, and have no regard for regulations,\u201d Callahan says. \u201cCriminals see the supplier channels as a softer target, which have experienced an increase of attacks. We have a robust third-party security program, but we can\u2019t control [its] environment.\u201d<\/p>\n

In addition, given the state of geopolitics, companies could become a corollary or ancillary target, Callahan says.<\/p>\n

\u201cWhile Aflac may not register as a company that nation states would directly target, we can still suffer the consequences of widespread attacks,\u201d he says. \u201cSimilarly, supplier channels are being impacted by software supply chain issues, which could also have a collateral effect on our company.\u201d<\/p>\n

\u2018Quackcess Granted\u2019: Ditching the password for passkeys<\/h2>\n

To harden its defenses and safeguard vital data, Aflac launched a multi-year path of maturation for its cybersecurity program, Callahan says, adding that partnerships have been key to the strategy.<\/p>\n

\u201cWe have strengthened our strategic relationships with providers like Zscaler and CrowdStrike, enabling us to build a deeper connection in our relationship,\u201d he says. \u201cWe have also created partnerships with companies like WWT that can serve our global needs in both the US and Japan.\u201d<\/p>\n

One of the most prominent efforts has been \u201cQuackcess Granted,\u201d an ongoing development of Aflac\u2019s Consumer Identity and Access Management (CIAM) framework.<\/p>\n

Initially, CIAM created a single, simple, secure authentication framework for customers, Callahan says. Aflac partnered with Transmit Security, a provider of identity and access management solutions, to deploy advanced authentication options. In that way it is able to address the core challenge of customers engaging with Aflac primarily around life events.<\/p>\n

\u201cWhen customers reach out to Aflac for help in their time of need, they don\u2019t always remember their credentials and tend to get diverted into solving a password problem,\u201d Callahan says.<\/p>\n

In response,\u00a0Aflac provided a solution, called Passkey, which provides customers with a standard passwordless login experience on their devices, using a secure capability based on open standards. Passwords are still in place for users who are not ready to move to passkey, or as an alternate path if needed.<\/p>\n

\u201cAflac is one of the first major insurance companies to bring this capability to market,\u201d Callahan says. \u201cPasskey is being adopted by leading companies such as Amazon, PayPal, Home Depot,\u201d and others.<\/p>\n

Passkeys purportedly offer the means for a more secure, user-friendly authentication process<\/a>, being strong, phishing-resistant, and device-bound, as well as eliminating the need for passwords.<\/p>\n

Since launching in a limited release in November 2023, and a full release in May 2024, Aflac has seen tangible business results. For example, Passkey\u2019s adoption rate has surpassed initial targets, at 32% compared with an estimate 10%. To date, about 265,000 Aflac policyholders have opted to enroll in Passkey, highlighting the value and appeal of the technology to Aflac customers, the company notes.<\/p>\n

For its work on Passkey, Aflac has earned a\u00a02024 CSO Award<\/a>, honoring security projects that\u00a0demonstrate outstanding thought leadership and business value<\/a>.<\/p>\n

With Passkey, Aflac has seen a notable reduction in support calls related to password resets and login issues \u2014 one of the primary objectives of the project. This not only alleviates strain on customer support resources, but also signifies improved user proficiency and satisfaction, as there have been no reports of customers requiring technical assistance with Passkey.<\/p>\n

There\u2019s also been an improvement in login success rates for Aflac policyholders. By eliminating passwords, Passkey has streamlined the login process, reducing login failures caused by forgotten passwords. As a result of Passkey, Aflac has seen an 11% reduction in errors at login.<\/p>\n

Furthermore, Passkey has contributed to increased operational efficiency within Aflac\u2019s digital ecosystem. With fewer support calls and login errors, customer support teams can focus on higher-value activities, improving overall productivity and efficiency across the organization.<\/p>\n

Passkey\u2019s implementation has also helped bolster cybersecurity at Aflac, mitigating the risks of data breaches, password-related vulnerabilities, and unauthorized access.<\/p>\n

\u201cAflac will continue to drive adoption [of Passkey] through targeted customer communications and deeper integration based on data analytics,\u201d Callahan says. \u201cWe also anticipate high customer adoption as the solution becomes more ubiquitous in the industry.\u201d<\/p>\n

Quackcess Granted and Passkey have received widespread support, as Aflac strives to make authorization and authentication more secure and easier for customers.<\/p>\n

\u201cThere are only so many ways to improve the password experience or make traditional multifactor authentication better for our customers,\u201d says Virgil Pool, senior consumer authentication lead for Aflac Global Security. \u201cWe\u2019ve taken a more significant step forward\u00a0by partnering with Transmit Security to deliver Passkey. As a result, we\u2019re achieving our goal of making it easier for our customers to get help in their time of need.\u201d<\/p>\n

Cybersecurity culture pays off<\/h2>\n

As part of its security strategy, Aflac prioritizes its relationships with technology and business partners and has been \u201cvery intentional\u201d about<\/p>\n

explaining the need for security to partners, employees, and customers.<\/p>\n

\u201cOur employees and partners are cyber-mindful and have been supportive of our objectives, due to our laser-focus approach in communicating not only the technical change, but the reason behind the change,\u201d Callahan says.<\/p>\n

The company has a large and complex technology footprint, and is vigilant<\/p>\n

about its deployment of IT and security tools, working to ensure there is plenty of time for testing and implementing in smaller, incremental steps, he says.<\/p>\n

\u201cFor instance, when we implemented zero trust, we started small; [we] tackled a customized approach, one department at a time, building by building,\u201d Callahan says. \u201cAs we implemented, we reviewed any adjustments before we went further. This methodology has helped us avoid mistakes and pitfalls that could impact our business.\u201d<\/p>\n

The increasing speed and sophistication of threats requires higher levels of security resiliency to maintain the company\u2019s enterprise risk tolerance, Callahan says. Aflac remains committed to \u201cpushing the boundaries of cybersecurity,\u201d he says. It does this by placing great importance on information security to protect against threats both external and internal.<\/p>\n

\u201cOur approach is deeply rooted in our culture,\u201d Callahan says. \u201cFrom the boardroom to the break room, we have a longstanding commitment of doing things the right way.\u201d<\/p>\n

The key to obtaining business buy-in for any cybersecurity initiatives is to include business partners and leaders in the decision-making process, Callahan says. \u201cThey, in turn, will understand the need and be able to provide feedback and support on how to go about it.\u201d<\/p>\n

Aflac includes senior business partners in its governance committee, called the Security Oversight Committee. Through this forum, executives can inform the security team about the business impact of policies, standards, and decisions. \u201cWe live in a world of no surprises, because they are included in the process,\u201d Callahan says.<\/p>\n

\u201cAflac\u2019s goal is to improve security posture and reduce impact of a cyberattack, while providing a seamless user experience,\u201d Callahan says. \u201cThe success of Passkey has proven to be a better user experience while providing better security.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

At supplemental insurance provider Aflac, safeguarding information collected on behalf of employees and the customers and businesses they serve is a key tenet of the company\u2019s culture, says Tim Callahan, global CISO. \u201cCybercriminals are innovative, willing to take risks, and have no regard for regulations,\u201d Callahan says. \u201cCriminals see the supplier channels as a softer […]<\/p>\n","protected":false},"author":0,"featured_media":225,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/238"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=238"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/238\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/225"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}