By Farkas Rabai, technical product manager, One Identity
With one third of cybersecurity incidents being identified as previously unseen threats, companies including financial institutions struggle to defend themselves from an enemy they can’t visualise and whose techniques and attack methods are still unknown. One of the ways the financial sector can get ahead of the curve and strengthen their security posture is the use of behavioural biometrics.
The sophistication of attacks is on a constant incline. Determined attackers can often integrate numerous components to gradually infiltrate their victim’s network and launch a discreet attack or, on the contrary, launch a vast attack at the most opportune moment. Very often, one of the main vectors is the violation of a user account (a regular user or an administrator with privileged access) via phishing attacks, for example. The reason is simple: if the attacker succeeds in posing as a legitimate user – or if the attacker himself is a collaborator – it becomes difficult to detect that his actions are malicious.
But in recent years, a counter-offensive has been launched thanks to machine learning and behavioural biometric technologies which reduce the advantage taken over time by cybercriminals over defenders.
The rise of biometrics
Biometrics refer to measurements related to human characteristics. The uniqueness of certain characteristics, such as fingerprints and irises, make them a potential way to identify individuals with accuracy, without the risk of a password being stolen or a code forgotten. Most people are familiar with physical biometrics. However, hackers have discovered clever ways to steal or duplicate fingerprints. For example, it is possible to take a picture of the glass a person has touched and create a fingerprint with a 3D printer. Behavioural biometrics, as opposed to physical biometrics, is a new and effective defence against cybercriminals. Our physical traits are not the only things that make us unique. The way we speak, type or write can distinguish one individual from another as reliably as fingerprints.
The evolution of biometrics: reading behaviour
Behavioural biometrics are an effective form of authentication for a number of reasons. First, because of its accuracy, it is more secure than physical biometrics. Indeed, because of its nature, behavioural biometric data is unlikely to be stolen or replicated by another person or machine.
As its name suggests, it allows for the monitoring of behavioural patterns. How can it be used? Machine learning technology will analyse a user’s behaviour for several weeks to create a profile of its own. Once the technology is operational, it becomes capable of detecting any deviation in behaviour by observing and correlating dozens of factors. And because it is executed using algorithms, it is constantly being improved.
The data examined includes: mouse movement, typing style, IP address, computer or applications used, etc. The software analyses and records the behavioral patterns of individuals and groups. With a behavioural biometric scoring system ranging from zero to 100, companies can easily assess the risk involved. The closer the score is to 100, the higher the level of risk.
How do Behavioural Biometrics work?
The principle at the basis of behavioural biometrics is to set up a baseline profile for a privileged user or account. This baseline contains, in a way, the connection habits, for example, the time of connection, the systems accessed, the browser used, etc., but also biometric data that is unique to each individual.
The risk score will be between 0 and 20, when an employee maintains his or her work habits. However, if the employee logs on to the system at 2 a.m., which is abnormal behaviour, the biometric system will then trigger a signal and the score will be raised to around 40. If he or she is connected to his or her computer, following his or her usual behavioural pattern (similar portal, same way of clicking, etc.), the system will not shut down.
If the score is higher than 50, for example, the security team will receive a notification. This will allow the security team to do further investigation. Since the score is divided into different algorithms and each factor is weighted differently, it is possible that the night-time logon may have generated a security alert, but since the behavioral pattern is verified, the security team can conclude that there is no obvious malicious behaviour. This helps to ensure that operations run smoothly and provides staff with a high degree of flexibility in their work.
Unfortunately, there is no panacea in cybersecurity, and no solution will ever be completely secure from all types of attack. Given the tools currently available, however, behavioural biometrics seem the most reliable way to identify users with critical security clearances and access privileges – after all, security starts with identity.
