Cybersecurity breaches are becoming bigger, attacks are increasingly sophisticated, and the amount of compromised data is rising astronomically. Little surprise that industry experts are heralding behavioural biometrics as a transformational solution – and one, when used alongside other defensive layers, that redresses the balance that has been tipped heavily in favour of hackers for too long.
Consider that 61 per cent of corporate organisations reported one or more cyberattacks in the last year, in research published in April by insurer Hiscox. This is despite the fact that 5,400 organisations across seven countries who inputted to the Hiscox Cyber Readiness Report 2019 revealed that their total cybersecurity spent for 2018 was $7.8 billion (£6.3bn), or $1.45 million (£1.2m) per company – up 24 per cent, year on year.
More alarmingly, one in three cybersecurity incidents is caused by a previously unseen threat, according to research undertaken recently by One Identity at Infosecurity Europe. How can an organisation defend and prepare against something that not only hasn’t materialised yet, but whose shape and modus operandi are unknown? It is an almighty challenge, to put it mildly.
However, help is now at hand. Thanks to advances in machine learning, behavioural biometrics offers a welcome new layer of defence against cybercriminals, who are assaulting businesses from all sides and have been one step ahead for years.
- Powerfully personal: the role of fingerprint biometric technology in the digital identity security crisis
Complementing security with biometrics
Biometrics can be defined as the automatic recognition of people on their biological or behavioural characteristics. Most people know about physiological biometrics; we have smartphones with facial recognition technology, or laptops that can be opened by a user’s fingerprint.
Many celebrated the advent of physiological biometrics, but hackers have discovered cunning methods to steal or replicate fingerprints and facial recognition. For example, it is possible to take a photograph of glass that a person has touched, and from that create a fingerprint with a 3D printer.
The development of behavioural biometrics, though, marks a new type of defensive weapon to use against those with malicious intent, and should be deployed in addition to other methods of authentication. Our physical traits are not the only things that make us unique. Indeed, routine tasks, including the way we speak, type or write are governed by actions that are so distinctive as to be completely different to anyone else. For instance, this might be mouse movement or typing dynamics analysis, to the extent that a user’s most common spelling mistakes will be recorded – so that if words are spelled correctly it will raise a flag.
Behavioural biometrics – the next evolution
There are many positive reasons to embrace this technology. Firstly, because of its accuracy, it is orders of magnitude more secure compared to physical biometrics; it is effectively impossible for it to be stolen or replicated, by any other person or machine. Further, it constantly monitors the changes in a person’s online behaviour, and because it is run using machine-learning algorithms, it is always improving.
There are numerous other pluses for using behavioural biometrics. Organisations can deploy a solution quickly and without fuss, because it can run on a remote cloud server, and doesn’t even require specific hardware. As such, it can be activated without subjecting employees to either obtrusive examinations or extensive. They can be set up at the push of a button, literally.
Good behavioural biometrics solutions will monitor patterns. Allowing machine algorithms to start to learn the behaviours of the users in a given system straightaway. In this way, the system works perfectly after about a week, and over a dozen factors are checked all the time. It is very personal and precise, and results are provided in real-time, so IT or security teams are able to monitor the activities of users continuously and accurately all day, every day.
Traits assessed include mouse movement, keystrokes, IP address, time period of connection, the computer or applications used, and so on. The software, which runs on a centralised system in the cloud, audits and records patterns and also monitors group behaviours. With a behavioural biometrics scoring system for every session, running from zero to 100, users can easily gauge the risk as the higher the number, the bigger risk there is to a user’s behaviour.
Behavioural biometrics in action
If a worker is doing a regular job, the risk score will be between zero and 20. However, if for example the employee logs on to the system at 2am, which is abnormal behaviour, it will raise a flag, and the score will jump to around 40. If s/he is logged on to his or her computer, typing in their usual pattern, using the normal portal, then the system will not be shut down.
If a score is over 50, say, the security team might be sent a notification on their various devices, via its security information and event management (SIEM) software. Its members could investigate further, as the score is broken up into different algorithms, and each factor is weighted differently – and all can be customised by the client. It may be that the early-morning log-in created a big score, but the human score checks out, so the security team would conclude that there is obviously no malicious behaviour. This helps keep things running smoothly and workers being able to work as it suits them.
What about the worker who steps away from his laptop for a coffee and leaves his computer open? A bad actor might spot his absence, pull up a chair and attempt to steal sensitive data. Because the behavioural biometrics software runs all the time, the changes in typing style and mouse movement – is it being moved quicker than normal and is there a bigger gap between taps on a double tap? – will raise the alarm immediately, the system will shut down before any damage is done.
It is important to stress that there is neither a silver bullet in cybersecurity nor a single solution that is 100 per cent safe, as anyone in the industry worth their salt will tell you. Biometrics in general offer a critical second layer of defence, though, and you can be sure that if an attack causes one security mechanism to fail, using behavioural biometrics identification capabilities that provide continuous authentication of privileged users, will kick in to protect the system.
Farkas Rabai, technical product manager, One Identity