Removing the incentive for breaches and fraud: A new approach to cybersecurity
This is a guest post by Robert Capps, vice president of Business Development for NuData Security.
Where there is treasure to be had, there will be thieves trying to take it for themselves. This is the dark side of human nature, as sure as death and taxes, and it’s not going to change. Whereas thieves used to use shovels to unearth other people’s treasure, today they use a variety of sophisticated digital tools to take what isn’t theirs.
At the same time, consumers want life to be easy. That’s also a part of human nature that’s not likely to change. Yesterday’s washing machines and microwavable meals are today’s online shopping and automatically saved, consistently re-used passwords. People know that, especially in light of ongoing data breaches, they should use long passwords containing many types of characters and unique passwords for each online account – but it just seems too difficult to put forth the effort or keep track of it all.
These modern realities can make IT professionals skeptical about the prospect of being able to provide effective security. However, there is a way for organizations to grapple with these twin challenges and still protect themselves and their customers. That’s because, ultimately, it’s all about the data. As long as it’s valuable, it will be stolen. Efforts to devalue data will be the most impactful actions an organization can take to reduce the number, scope and impact of breaches. So how is this accomplished? Read on.
The hard slog of cybersecurity
Once malicious actors have data that’s been stolen, there’s no way to get it back or prevent its misuse. When it’s gone, it’s gone. In addition, cybercriminals have numerous ways to attack – and they keep finding or inventing more. It’s similar to physical crime or terrorism in that way. It’s not feasible to protect an airport, for example, against all possible attack vectors—from every entrance, from the sky, from underground—let alone means of attack that security teams haven’t thought of yet.
The ongoing proliferation of attack vectors against an organization’s network makes cybersecurity a never-ending slog. But it’s a battle that must be fought, because every time an organization gets it wrong, something bad happens. Sometimes what happens leads to the plummeting of share value, the exodus of customers and the plunging of sales.
Going deeper for stronger authentication
A reactive approach to cybersecurity will not do; organizations must adopt a proactive approach in order to prevail against today’s digital criminals. Being proactive means observing consumer behavior with much higher fidelity. Traditionally, analysis has tended to be rather superficial. To truly understand and know the user, you need to look deeper. This includes looking for signals you wouldn’t normally look for—how fast someone types, how hard they hit the keys, how a user interacts with a website, etc.—the types of signals that are often ignored.
Subtle, subconscious behaviors like these can be aggregated to create a unique user profile that is far more detailed and reliable than standard authentication measures like passwords and usernames. Knowing a consumer’s true behavior transcends reliance on static identities.
Rendering data useless
There is yet another benefit to using behavior-based profiles: this method devalues whatever data cybercriminals have or will acquire. Bad actors can’t emulate behaviors with enough fidelity to truly take control of a user’s identity if the right signals are in place. The focus changes from the user’s username, password and perhaps location or secret question to his or her unique identifying behaviors. Deriving identification from measuring these behavioral indicators is so powerful because these authenticators can’t be replicated.
So, even if a malicious actor has a legitimate username and password in their possession, they can’t use them for illicit gain. It’s no longer merely an issue of plugging stolen data into a login screen and taking over an account or completing fraudulent transactions; fraudsters would have to exactly mimic every behavior in the profile – an impossible task.
In this way, the misappropriated data becomes useless. So then, why go to the trouble of stealing something you can’t use? The incentive for fraudsters to steal this kind of data is zero. In other words, the data has been devalued.
Turning the tables on fraud
The low side of human nature is to take what doesn’t belong to you and to take the path of least resistance as you’re doing it. Criminals tend to go for the loot that’s easiest to steal and offers the biggest pay-off. If you could change the scenario so that the loot is unusable and therefore worthless to them, why wouldn’t you?
That opportunity now exists, thanks to behavioral biometrics. This method of authentication and fraud detection and prevention works in two primary ways. First, it protects customer accounts and data. Second, it lessens the likelihood of attacks against your network once the message spreads through the cybercriminal grapevine that your data is useless for their purposes. Bad guys will go for the easy win somewhere else while your customers remain loyal, confident and satisfied.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are those of the author, and don’t necessarily reflect the views of BiometricUpdate.com.