Move over passwords – the future of security is biobehavioral
This is a guest post by Shahrokh Shahidzadeh, CEO at Acceptto
Consider this: assume all your credentials have already been stolen, even those credentials that haven’t been created yet. All it takes is for one employee’s credentials to fall into the wrong hands to cost your company millions in recovery. According to the 2018 Cost of a Data Breach Study, the global average cost of a data breach is $3.86 million, and breaches keep growing more frequent.
With the number of breaches on the rise year after year, we all must operate under the assumption that our credentials and personal information are already compromised. This, combined with increased public awareness and privacy and legal requirements, makes preventing the breach an essential part of a CSO strategy. Start by assuming your organization has been breached and take steps to address the incident as if it is happening now: a proactive approach, coupled with risk assessment and a breach response strategy, is crucial.
CISOs and CSOs can no longer rely on traditional identity authentication processes to protect their company or employees. Unfortunately, not all identity authentication processes are built the same and most suffer from one pain point or another. For example, two-factor security is temporal, causes high friction and can be easily intercepted during transmission. Current multi-factor authentication (MFA) security lacks context and relies on too few attributes. Your biometrics are binary, and regardless of how safe a fingerprint or retina scan appears to be, it can be spoofed and cannot be reset. And, there are few, if any, solutions that continuously validate your identity post-authentication.
When it comes to identity authentication, understanding how we got to where we are with authentication solutions may give a glimpse into what’s to come.
Made for then: passwords started it all
The use of passwords dates back to ancient times when sentries would challenge those wanting to enter an area or approaching it to supply a password or watchword and would only allow a person or group to pass if they knew the password. So, it stands to reason that as computer applications were developed, the concept of a login and password was the only way to authenticate individual users.
As the steady stream of news and reports on the true effectiveness of passwords makes clear, they really aren’t a secure method of authentication. According to the 2018 Verizon Data Breach Report:
“Web application attacks, most often using stolen credentials, are a major issue. Employee error is also having an impact—typically due to misconfigured databases or publishing errors. But perhaps the biggest threat you face is from denial of service attacks—they account for 56% of the incidents witnessed in 2017.”
Since a single form of authentication based on a password was clearly not strong enough to prevent credential impersonation, or even credential stuffing, additional forms of authentication were introduced.
Next in line: multi-factor authentication for extended security
Multi-factor authentication is just what it sounds like. Unfortunately, multi-factor authentication solutions impose significant friction through a variety of temporal controls (e.g., OTP, captchas, reset links) and other binary controls, all of which have still proven to be ineffective safeguards against techniques such as credential stuffing and identity spoofing.
As stated earlier, MFA and passwords have inherent flaws that are highly leveraged by cyber criminals. There has to be a better way to authenticate based on individual characteristics that cannot be easily imitated.
Made for now and the future: biobehavioral is immutable
What is needed is a technology that is easy to integrate and that starts from the premise that your credentials today, and those that you’ve yet to create, have already been compromised. Your identity cannot simply be based on a password, a one-time token or your biometrics alone. Your immutable identity is a combination of your physical behaviors, attributes and digital DNA. An artificial intelligence and machine learning (AIML) technology that enables frictionless authentication can continuously verify your true immutable identity, eliminating preventable harm and dramatically reducing risk, the likelihood of fraud and the cost of helpdesk operations, without guesswork or latency.
It is time for a call to action. The surge of cyber-attacks impacting our day-to-day life is perhaps the inflection point that dials up the contrast on how broken the identity authentication system is. Relying on binary authentication such as login/password, or even multi-factor authentication requiring another device, is clearly not sufficient to protect individual cyber credentials. Now is the moment to implement continuous authentication options based on new AIML technologies and biobehavioral characteristics and prepare yourself for the challenges of the future.
About the author
Shahrokh Shahidzadeh leads a team of technologists, driving a paradigm shift in Cybersecurity through Acceptto’s Cognitive Continuous Authentication.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.