CAN ADAPTIVE BIOMETRICS THWART DATA BREACHES?

In a recent study, CNN Money reported that 317 million types of malware were released into cyberspace last year. This translates to nearly a million new (or variants) malware every day. The article also reported that whenever a new attack was released, the first victim was snared in 82 seconds on an average. It also mentioned that hackers broke into an energy company’s servers and stole a draft report that discussed a major new energy find – and they then attempted to sell the report on the black market. Which business – big or small can hope to survive if it faces such an attack?

Threats to SMBs

A major data breach can have catastrophic consequences for an SMB. While the average cost of a security breach may be as much as $450,000, it has been reported that nearly 50% percent of all SMBs have experienced a data breach of some kind at some point in time. More than 40 percent of companies experiencing a major loss of data never open their doors again.

Lost profits are not the only effect of a data breach. It impacts every aspect of your business and can cause damage way beyond the purely financial. Here is what an IBM study shows about various kinds of damage that occur (figures do not add to 100 percent due to rounding off):

●      Damage to reputation and brand – 29%

●      Production losses – 21%

●      Revenue loss – 19%

●      Costs of forensics and support – 12%

●      Costs of technical support – 10%

●      Cost to ensure regulatory compliance – 8%

This is serious for any company. Issues such as damage to reputation and brand image can linger far into the future and continue to impact your operations. If your customers suffer financial losses due to their data being stolen, there will be additional long term liability and lawsuits. The solution really lies in preventing a breach from taking place.

Mobility Adds to Woes

In today’s age of working, it’s very common to have mobile workers and that adds another dimension to insecurity and possibility of data breaches. Hackers have been known to use clustered computers or cloud based servers to generate enormous computing power and mount brute force attacks on passwords. In turn requiring users select more complex passwords. Unfortunately, the reverse often happens with on-the-go computing.

It takes about 5 seconds to type a complex password on a desktop. Entering the same password can take as much as 30 seconds on a touchscreen smartphone. Since almost all users use smartphones to access their data when they are on the move, the tendency is to simplify passwords so that they can key it in easily from a smartphone touchscreen. A University of Cambridge study brings out that even if people use pass phrases instead of passwords, the natural tendency of people is to choose pass phrases that follow a natural language pattern. This reduces the strength of pass phrases as a security mechanism.

80% of Internet users own a smartphone and it is obvious that many of them use their smartphones to access the Internet for both business and personal use. Many users do not protect their phones adequately and this forms a new source of vulnerability.

Using Biometric Authentication

Many businesses recognize that problems exist and have chosen biometric authentication to be absolutely certain of the person logging in. Here are just some of the different types of biometric authentication businesses have implemented:

  • Signature: Measures the writing speed and pressure, in addition to the matching of the actual signatureshutterstock_175583933_copy
  • Typing: Measures the speed and patterns of the individual typing, in addition to the actual password
  • Eyes: Scanning the eyes of individuals using their retina or iris
  • Fingerprint: Everyone knows fingerprints are unique. They are also readily accessible and require little physical space either for the reading hardware or the stored data
  • Hand: Measures the length and angles of individual fingers
  • Voice Recognition: Compares what an individual says against stored voice patterns
  • Facial Recognition: Verifies user by scanning distinct, unchanging facial features
  • Body Movement: Measures patterns made by the entire body or specific body parts
  • Behavioral Characteristics:  Compares pattern of behaviour of individuals, including but not limited to interaction muscle memory, gait, and swipe rhythm.

These methods are proven to be technologically superior and provide a higher level of security than simple methods like passwords, pass codes or nothing at all. And while it is possible to incorporate physical biometric attributes for individuals or for some other well defined group whose numbers are static, there are limitations.

Level of Comfort

Many users may be uncomfortable giving their fingerprints or retinal scans. If it’s something you’re not accustomed to, it can feel obtrusive – impacting your company’s ability to implement it across an organization.

Cost & Time

While the cost of these technologies are coming down, it can be a costly and timely initiative for an organization. IT initiatives often take extensive time to implement, which can pose issues as implementing a technology that has lapsed (i.e. hackers have easy access to passwords) can be detrimental.

It’s Not Possible

Due to global e-commerce, you may never physically meet many of your clients or suppliers thereby making acquiring biometric signatures impossible

How to Choose

Assuming you get past these limitations and you’re ready to implement biometric authentication into your organization, it can be a daunting task to evaluate. Every security expert has their own preferences based on their technologies and partnerships, so go take all options with a grain of salt.

Fingerprint authentication is one of the more widely used methods, mostly because it is convenient and easy to use. This option became prevalent when Apple introduced its Touch ID, and there are many devices with built-in fingerprint readers – making it easier to implement. However, fingerprints may end up being hacked and the problem will come full circle once this information gets out there.

User behaviour is not something that can be copied by a hacker. As larger samples of user behaviour are collected, authentication will continue to improve and become even more certain. Your users can travel anywhere and yet be reliably and continuously authenticated. Accuracies ranging into the high ninety percentile are common using behavioral biometrics with room for improvement.

What’s Ahead

There is an increasing number of mobile devices connecting to corporate networks. While 93 percent have mobile devices connecting to their corporate networks only two-thirds of companies allow it. Change is happening whether your organization is ready for it or not.

New and more sophisticated technologies will continue to emerge. This will bring down the cost to make it more accessible for companies to implement. The prevalence of these screening techniques will also increase the comfort level of individuals as it becomes the norm.

However, the battle between companies and hackers will continue to wage on, as technologies advance, hackers will become increasingly sophisticated. It is important to stay on top of the new technologies and threats against them. Here are a few of the top industry sources to stay on top of the latest industry news:

–        http://www.securityweek.com/

–        http://securityintelligence.com/

–        http://thehackernews.com/

Leave a Reply

You must be logged in to post a comment.