Today marks the start of National Cyber Security Awareness month, held every October since 2004 in the United States and since 2012 in Europe. The National Cyber Security Alliance sponsors this event along with multiple federal agencies to encourage vigilance and protection by all computer users.
This year’s National Cyber Security Awareness month comes on the heels of some pretty damning breaches and hacks that are changing the conversation on how personal data is stored and used to identify users.
Here’s what you need to know:
- The fallout from the breaches is just beginning. When credit card numbers get stolen, a new lifecycle is born. It is true that there is a “shelf-life” for the actual validity of credit cards; that is, so long as the breach remains unpublicized, the fraudsters are able to aggregate, sell and use the data. However, even once the “word” gets out and the value of the card number itself quickly drops, the data can still be used to improve databases, enhance phishing schemes and support other account takeover crimes. Cancelling cards or implementing credit freezes can only go so far. Fraudsters use sophisticated social engineering schemes to convince victims to hand over other personal details, transfer money and even provide remote access to accounts that they themselves will authenticate into.
- Traditional cybersecurity approaches are not working. Static endpoint solutions and other capabilities that look at risk information at specific points in time (like user authentication, malware, device ID, geolocation) have been and will continue to be a source of vulnerability, as fraudsters are increasingly sophisticated and treat each of these as a specific area to attack. This ends up being a cat-and-mouse game with no end. Using dynamic approaches, like behavioral biometrics, changes the rules of the game and goes straight to the source of the action: verifying the actual user, not what device or token was used to access a particular account.
- Good cyberhygiene applies to everyone. No one is immune from the threat that is being faced today. More than 9 billion credentials have been stolen since 2013, translating into 61 records per second, and this number will only continue to grow. Even the smallest businesses can provide a window into the personal details of individuals, who can in turn be hacked and serve as a springboard to attacking their corporate bank accounts, which in turn can cause the loss of large sums of money, putting further people at risk. Small steps, like thinking twice before clicking on links that can install malware on a machine, can go a long way. More scalable methods involve changing the structure of authentication protocols from one-time events to continuous modes.
- Behavioral biometrics is emerging as a leading antidote. In July, Forrester analyst Andras Czer joined us for a discussion on “Why Behavioral Biometrics Are So Popular Now”. While a static piece of data, like a number, or possession of the correct device cannot truly provide definitive evidence that someone is who they claim to be, their behavior can. More than 500 parameters, like the way we type, scroll, toggle between fields, use shortcuts, hold the phone, etc., are used to distinguish between a legitimate user and a fraudster, even if the fraudster has the correct credentials for logging in or applying for a credit card.