The 17th annual National Cybersecurity Awareness Month is well underway, with the Cybersecurity and Infrastructure Security Agency and National Cyber Security Alliance promoting this year’s theme, “Do Your Part. #BeCyberSmart.” And with the current COVID-19 environment, there could not be a better time to focus on this topic.
With the onslaught of the global pandemic we have seen a directly correlated, and dramatic rise in distributed workforces. Most organizations now count as much as 75% of their employees working from home (WFH) , and 84% of U.S. companies say they are likely to broaden their WFH policies after the pandemic.
WFH accommodations, however, bring elevated risks, as demonstrated by 63% of cybersecurity professionals seeing a rise in attacks since the outbreak. With a distributed workforce, workers are more dependent on mobile and personal devices, which are increasingly subject to exposure. Nearly 40% of organizations, in fact, have suffered a compromise involving a mobile device within the past year, up from 27% just two years ago, according to the Mobile Security Index 2020 Report from Verizon. Among companies experiencing this type of compromise, two-thirds describe the impact as “major,” with consequences including downtime (as cited by 59% of companies that were compromised), data loss (56%), the compromise of other devices (46%), reputational damage (37%), regulatory penalties (29%) and loss of business (19%).
At BehavioSec, we are helping organizations around the world respond to these challenges with our behavioral biometrics platform, which allows security teams to verify users by building profiles that model how their employees physically interact with online services via their mobile devices. Similar to a fingerprint, a profile is built for each individual based on the unique way in which they hold a smartphone, use a mouse or touchscreen, and type on a keyboard. These individual profiles continuously evolve alongside the user’s own behavior, and are therefore hard to replicate, allowing our platform to establish an enhanced authentication layer on top of passwords, device information and location signals. This sits in contrast to other biometrics solutions which have proven to be vulnerable to theft, spoofing, and other attacks.
Additionally, our platform delivers more benefits to the customer experience and security:
Frictionless authentication. Workers today face unique challenges of juggling competing professional and personal/family demands under the same roof. Their employers add stress to the equation by requiring endless authentication steps involving passwords, pins, tokens and other challenges that create unnecessary friction in the user experience.
In contrast, behavioral biometrics empowers organizations to verify their users unobtrusively, invisibly, and without proprietary hardware. Solely based on normal user interactions, behavioral biometrics continuously answers the eternal “Are you really you?” This continuous monitoring greatly reduces the need for cumbersome and intrusive step-ups or other stressful challenges.
Application and device-level protection. With employees in full BYOD-mode mixing business-related apps with those required for personal needs (like banking or shopping) on the same devices, the potential for misuse, compromise, or even device theft and the corresponding exposure for employers has skyrocketed.
To protect both employees and the companies they work for, our platform can validate whether an outside, unapproved party has taken control of a device to access these apps and the data they contain. It can determine whether it truly is the employee using the device from a new or unusual location, or for example if there is an indication of theft due to the ‘user’ touching the screen in a manner that deviates from the established profile. And to avoid false positives, we can even detect if it is the employee, but on a newly purchased device.
We also detect risky activities, such as jailbreaking, in which users remove or bypass the built-in operating system and security features on devices to install unauthorized apps and extensions . App cloning can also be seen, in which users make new copies of an app to run two accounts of a service on the same device. Obviously, jailbreaking and app cloning may create vulnerabilities, so security teams should constantly monitor such activity and discourage users from voluntarily defeating security features device makers provide for their protection.
Device inheritance. Users will routinely replace old devices with updated ones. Unfortunately, many platforms cannot recognize the same user on a new device and create a series of problems – whether generating false alarms, locking the user out of their accounts, or requiring profile retraining.
We don’t do that. To make for an easier transition, our platform enables teams to avoid “reinventing the wheel” with respect to rebuilding behavioral biometrics profiles on new devices. With device inheritance, a profile learned on one device can be seamlessly transferred to the next one – removing the need for new device onboarding or inflicting digital pain on employees.
Fortunately, more and more organizations embracing the ‘new normal’ of distributed workforces are discovering that behavioral biometrics combines the best of both worlds – strong authentication and a seamless user experience. From our perspective, this is about as “CyberSmart” as it gets.
We appreciate the opportunity to raise awareness about cybersecurity this month, and every month, remaining vigilant throughout the entire year and beyond. If you’d like to find out more about how our platform can help resolve your challenges, please request a demo today! We look forward to speaking with you.