Future Cyber-Security to protect via Behavior Recognition

By | August 25, 2015

Last few years have seen a sudden increase in the number of hackers trying to make the confidential data public. In the Year 2014, the Ashley Madison Data breach made everybody to think about the Cyber-security system twice.

Business people, Industries and most importantly the Financial advisers are totally concerned about the Cyber-security system including the customers sharing the same concern. Though there are a few ways to deal with this issue, however, first and the foremost way is to protect the company records from being breached.

Over the years, hackers have adopted the smart ways and they are equipped with a lot of options to get the information. Accounts which have weaker passwords are the first thing they look for, either by logging in or by the stored data, hackers know how to crack down the password and to leak the information. These cases are never officially reported in the news.

After understanding the seriousness of this issue, many people have suggested various ways to improve the cyber-security for back-end systems to have less susceptibility or train customers and employees to have better passwords and to use security options like two-factor authentication. The only motive is to cut down the hackers by making it more difficult for them to hack the necessary information.

Protecting Data Breaches – win or lose?

Protecting the official records from being breached is a logical system for improving the cyber-security but it’s basically defective in two major ways.

Firstly, it’s impossible to gather everyone on board with new security standards. For instance, if you tell 100 people about all the dangers and risks of cyber attacks and security breaches, explaining the importance of creating, maintaining and regularly changing strong passwords, at least one person in that group of 100 will continue using the same password “password123.” Just because all it takes is one blackguard login to gain access to a system, that weak link will stay open and thus welcomes the trouble.

Secondly, the advancements over the encrypted systems has become a big trouble, the technicians are building new ways to sort the issues and stop the hackers but the cyber-criminals are constantly tearing up those structures with their own ways. Any new advancements in cyber-security obliges only as a temporary wall but if it is Regularly improving and upgrading, these walls can serve as an evolving series of defenses, perhaps, there can never be a sound “victory” when all data breaches are prevented.

The Substitute Method

Instead of concentrating on stopping the cybercriminals with walls, the technicians has invented new technologies which are trying to identify the cybercriminals itself to sort this issue.

The New Startup BioCatch that received $11.6 million in funding over three rounds. BioCatch’s technology works to detect patterns of user behavior in some of the applications, creating user profiles that can be matched to following visits.

For instance, if you’re moving your cursor in a particular form while visiting various websites, BioCatch technology would record that activity of yours as a behavioral identity and on the future visits it will be able to detect whether the user is you or someone else. Account takeovers, remote access (RAT), and MitB malware attacks could all be potentially hamstrung by this approach. Even by imitating the user’s online behavior is more difficult and impossible than breaking up the cyber-security wall.

When you log on to Facebook from a different device, it automatically confirms whether it is you who is logging in or when you use your credit card in an unfamiliar place, your bank keeps calling you to confirm that it’s actually you making those purchases or not.

This new technology uses a typical variation in parameters such as typing speed, mouse movement, keyboard strokes, the tapping force and swipe patterns instead of geographical location. After a few logins, this system will learn that you incline to browse slowly, tap icons hard and type at an average speed. And if someone gets to know about your login information and browses quickly, with fast typing speed and weak “taps,” the system will trigger a fraudulent use, and your hacker will be forced to offer further authenticating details. The other countries are trying to emerge with the same technology by focusing on identifying people through their behaviors and biometric signatures.

A wearable wristband called Nymi uses this technology and detects ECG activity to identify a user and then confirms that identity to apps and online platforms. Sonavation, a company that designs and produces fingerprint sensors, is also exploring the possibilities of using device-based fingerprint readers to verify user identities.

The Users do not need any extra effort to get access to this new technologies, they just need to be themselves and their natural behavior is recorded as their identity. The Chances of imitators to mimic these behavioral patterns are very less.

The main strength of this approach is the ‘touchless’ system that learns and adjusts on its own without direct intervention, and the fact that these patterns can’t be easily learned or faked by an external system. However, there are some weaknesses, as human behavior isn’t always coherent; these systems could point false positives and may lock people out of their own accounts. Also, they did nothing for the first-line security, such as protecting passwords from leaking in the first place.

Imitating someones’ online behavior is much more difficult than breaking down the cyber-security wall, and if BioCatch and its competitor behavioral analysis tools prove to be a success, it is highly expected to see more products and services emerging like this in the years to come.