Next-Gen Cybersecurity Is All About Behavior Recognition

In the wake of devastating personal information leaks, like Target’s back in 2014 affecting more than 70 million customers and the more recent Ashley Madison data breach, concerns over cybersecurity are at an all-time high.

Financial advisers overwhelmingly cite cybersecurity as their number-one concern, with business owners and everyday consumers sharing in those worries.

There are a few ways to approach this problem, but the one on everyone’s mind is the most straightforward: we need to protect companies’ records from ever being breached in the first place.

There are many ways a criminal could potentially acquire this information; for example, they could exploit weak passwords to fraudulently log in to a given system, or exploit an application vulnerability in the backend to reach stored data. Breaches like this are startlingly common, and many go unreported in the news.

Recognizing this, many have suggested the proper way to fight back and improve cybersecurity is to improve backend systems to have fewer vulnerabilities, or train consumers and employees to do a better job of keeping their login information secure. Either way, the goal here is to slow criminals down by making it more difficult for them to obtain or use the necessary information.

Why Preventing Data Breaches Can Never Lead To Victory

This is a logical system of improvement, but it’s fundamentally flawed in two major ways. First, it’s impossible to get everyone on board with new security standards.

For example, if you inform a room full of 100 people about all the dangers of cyberattacks and security breaches, and you explain, in detail, the importance of creating, maintaining and regularly changing strong passwords, at least one person in that group of 100 will continue using the password “password123.” And because all it takes is one rogue available login to gain access to a system, that weak link will perpetually remain open.

The other side of the problem is continuing advances in encrypted systems. In a cycle of one-upmanship, advanced technicians are constantly coming up with new ways to stop cybercriminals in their tracks, and cybercriminals are constantly coming up with new ways to tear down those structures.

Any new advance in cybersecurity serves only as a temporary wall. Regularly improving and upgrading these walls can serve as an evolving series of defenses, but there can never be a sound “victory” in which all data breaches are prevented.

An Alternative Method

Rather than focusing on stopping cybercriminals with walls, new technologies are emerging that work to identify cybercriminals instead. Take the relatively new startup BioCatch, which received $11.6 million in funding over three rounds. BioCatch’s technology works to identify patterns of user behavior in certain applications, creating user profiles that can then be matched to subsequent visits.

For example, if you visit an e-commerce platform and move your cursor in a certain pattern, or type at a certain speed, BioCatch will be able to determine, on future visits, whether or not the user with your login credentials is actually “you.” Account takeovers, remote access Trojan (RAT) attacks and man-in-the-browser (MitB) malware attacks could all be potentially thwarted by this approach.

Think of it this way — when you use your credit card in an unusual location, like out of state, your bank typically calls you to confirm that it’s actually you making those purchases.

This new technology works the same way, except it uses atypical variations in parameters, like typing speed, mouse movement, keyboard strokes, tapping force and swipe patterns instead of geographical location. Take this practical example: After a few logins, this system will learn that you tend to browse slowly, tap icons hard and type at an average speed.

If someone gets ahold of your login information and browses quickly, with fast typing speed and weak “taps,” the system will flag the session as potentially fraudulent, and your hacker will be forced to provide further authenticating details (or, more likely, give up the effort).
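The profile-and-compare logic described above can be sketched as follows. This is an added example, not BioCatch's or any vendor's code: the feature names, thresholds and session values are assumptions constructed for illustration. It scores a session by how many spreads each feature sits from the enrolled baseline, and asks for step-up authentication only when at least two features deviate, so that one unusual habit on an off day does not lock the real owner out.

```python
import statistics

FEATURES = ("typing_cps", "tap_force", "page_dwell_s")  # assumed feature names
MIN_SESSIONS = 3   # "after a few logins": no verdict before this many sessions
STEP_UP_Z = 3.0    # assumed threshold, in spreads from the user's baseline
MIN_FLAGGED = 2    # one odd feature alone is tolerated (limits false positives)

# Constructed sample data: the owner browses slowly, taps hard, types at average speed.
OWNER_SESSIONS = [
    {"typing_cps": 4.0, "tap_force": 0.80, "page_dwell_s": 40},
    {"typing_cps": 4.2, "tap_force": 0.78, "page_dwell_s": 44},
    {"typing_cps": 3.9, "tap_force": 0.82, "page_dwell_s": 38},
    {"typing_cps": 4.1, "tap_force": 0.79, "page_dwell_s": 42},
]
INTRUDER = {"typing_cps": 7.5, "tap_force": 0.35, "page_dwell_s": 8}
OWNER_OFF_DAY = {"typing_cps": 4.3, "tap_force": 0.75, "page_dwell_s": 60}

class BehaviorProfile:
    def __init__(self):
        self.history = []

    def enroll(self, session):
        self.history.append({f: float(session[f]) for f in FEATURES})

    def deviations(self, session):
        """Distance of each feature from the enrolled mean, in spreads."""
        scores = {}
        for f in FEATURES:
            values = [h[f] for h in self.history]
            mean = statistics.fmean(values)
            # Floor the spread at 10% of the mean so a very consistent user
            # is not flagged for tiny drift.
            spread = max(statistics.stdev(values), 0.1 * abs(mean), 1e-6)
            scores[f] = abs(session[f] - mean) / spread
        return scores

    def assess(self, session):
        """Return (verdict, scores): 'learning', 'allow' or 'step_up'."""
        if len(self.history) < MIN_SESSIONS:
            return "learning", {}
        scores = self.deviations(session)
        flagged = [f for f, z in scores.items() if z >= STEP_UP_Z]
        if len(flagged) >= MIN_FLAGGED:
            return "step_up", scores   # ask for further authentication
        self.enroll(session)           # accepted sessions refine the profile
        return "allow", scores
```

Because accepted sessions are folded back into the baseline, the profile follows gradual changes in the owner's habits; rejected sessions are never enrolled, so a flagged intruder cannot shift it.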

Similar technology, focused on positively identifying people based on behaviors and biometric signatures, is beginning to emerge from other companies, as well. For example, take Bionym, a Toronto-based startup that recently raised $14 million in Series A funding.

Using a wearable wristband called Nymi, the technology detects ECG activity to positively identify a user, then wirelessly confirms that identity to apps and online platforms. Sonavation, a company that designs and produces fingerprint sensors, is also exploring the possibilities of using device-based fingerprint readers to verify user identities.

None of these technologies requires any additional effort from the user (they just need to “act natural” in the course of their typical behavior), yet the possibility of an imposter mimicking these actions is very low.

Some of the strengths of this approach include a “touchless” system, which learns and adapts on its own without direct intervention, and the fact that these patterns can’t be easily learned or faked by an external system.

There are some weaknesses, however, as human behavior isn’t always consistent; these systems could trigger false positives and potentially lock people out of their own accounts. They also do nothing to ensure first-line security, such as protecting passwords from leaking in the first place.

Other Major Players

In addition to biometric and behavior-based security startups like BioCatch and Bionym, several other tech companies are working on this identification-based last line of defense in cybersecurity.

For example, take RSA Security, which uses adaptive authentication to positively identify human- and machine-based behaviors and determine a qualitative risk level for each use of the system.

For example, if this system notices improbably fast pacing of clicks, it could register the user as an automated machine and prevent it from operating further. This is great for preventing automated attacks, but does little to identify an unauthorized human being using another human’s personal information.

Or take Trusteer, a startup acquired by IBM in 2013, which now functions as a subsidiary of the company. Trusteer uses software that identifies potential criminal activities on mobile devices, as well as desktop-based activities.

For example, it uses malware detection to determine when a hostile attempt to take over a mobile device has been initiated. It also uses front-end protection to block phishing attempts and similar breaches to personal information, and helps companies implement web-based services that block account takeover attacks.

In this way, Trusteer functions as both a front-end (information protection) and back-end (preventing unauthorized use of information) protection company.

Rather than trying to build new walls to slow down criminals, these companies are taking a more efficient path of positive identification. This isn’t to say that conventional security practices aren’t important — encrypted data, multi-level authentication requirements and general best practices for logins and passwords are as important as ever — but they can always be outsmarted.

Mimicking a user’s online behavior is far more difficult than breaking down a wall, and if BioCatch and its competitors’ behavioral analysis tools prove to be a success, expect to see more products and services like it emerging in the years to come.