Everything I have read recently about cyber security is that the new approach is not if you are hack but when you are hacked, it is a fait accompli that you will be hacked!
Why Preventing Data Breaches Can Never Lead To Victory
Rather than focusing on stopping cybercriminals with walls, new technologies are emerging that work to identify cybercriminals instead. Take the relatively new startup BioCatch, which received $11.6 million in funding over three rounds. BioCatch’s technology works to identify patterns of user behavior in certain applications, creating user profiles that can then be matched to subsequent visits.
For example, if you visit an e-commerce platform and move your cursor in a certain pattern, or type at a certain speed, BioCatch will be able to determine, on future visits, whether or not the user with your login credentials is actually “you.” Account takeovers, remote access (RAT), and MitB malware attacks could all be potentially thwarted by this approach.
Mimicking a user’s online behavior is far more difficult than breaking down a wall.
Think of it this way — when you use your credit card in an unusual location, like out of state, your bank typically calls you to confirm that it’s actually you making those purchases.
This new technology works the same way, except it uses atypical variations in parameters, like typing speed, mouse movement, keyboard strokes, tapping force and swipe patterns instead of geographical location. Take this practical example: After a few logins, this system will learn that you tend to browse slowly, tap icons hard and type at an average speed.
If someone gets ahold of your login information and browses quickly, with fast typing speed and weak “taps,” the system will trigger a fraudulent use, and your hacker will be forced to provide further authenticating details (or, more likely, give up the effort).
Similar technology, focused on positively identifying people based on behaviors and biometric signatures, is beginning to emerge from other companies, as well. For example, take Bionym, a Toronto-based startup that recently raised $14 million in Series A funding.
Using a wearable wristband called Nymi, the technology detects ECG activity to positively identify a user, then wirelessly confirms that identity to apps and online platforms. Sonavation, a company that designs and produces fingerprint sensors, is also exploring the possibilities of using device-based fingerprint readers to verify user identities.
None of these technologies require any additional effort from the user — they just need to “act natural” in the course of their typical behavior — yet the possibilities for an imposter to mimic these actions is very low.
Some of the strengths of this approach include a “touchless” system, which learns and adapts on its own without direct intervention, and the fact that these patterns can’t be easily learned or faked by an external system.
There are some weaknesses, however, as human behavior isn’t always consistent; these systems could trigger false positives and potentially lock people out of their own accounts. They also do nothing to ensure first-line security, such as protecting passwords from leaking in the first place.
Other Major Players
In addition to biometric and behavior-based security startups like BioCatch and Bionym, several other tech companies are working on this identification-based last line of defense in cybersecurity.
For example, take RSA security, which uses adaptive authentication to positively identify human- and machine-based behaviors and determine a qualitative risk level for each use of the system.
New technologies are emerging that work to identify cybercriminals.
For example, if this system notices improbably fast pacing of clicks, it could register the user as an automated machine and prevent it from operating further. This is great for preventing automated attacks, but does little to identify an unauthorized human being using another human’s personal information.
Or take Trusteer, a startup acquired by IBM in 2013 which now functions as a subsidiary of the company. Trusteer uses software that identifies potential criminal activities on mobile devices, as well as desktop-based activities.
For example, it uses malware detection to determine when a hostile attempt to take over a mobile device has been initiated. It also uses front-end protection to block phishing attempts and similar breaches to personal information, and helps companies implement web-based services that block account takeover attacks.
In this way, Trusteer functions as both a front-end (information protection) and back-end (preventing unauthorized use of information) protection company.
Rather than trying to build new walls to slow down criminals, these companies are taking a more efficient path of positive identification. This isn’t to say that conventional security practices aren’t important — encrypted data, multi-level authentication requirements and general best practices for logins and passwords are as important as ever — but they can always be outsmarted.
Mimicking a user’s online behavior is far more difficult than breaking down a wall, and if BioCatch and its competitors’ behavioral analysis tools prove to be a success, expect to see more products and services like it emerging in the years to come.
