
It’s Time to Reconsider How We Conduct Highly Sensitive Activities Online

  • Matt White

The more activities that we perform online, the more critical it becomes to harden our especially sensitive applications. Business E-mail Compromise (BEC) has become, according to the FBI, a 12 billion dollar problem with increasing sophistication. Scams by fraudsters range from fraudulently initiated wire transfers requested by someone impersonating a CEO to using social engineering to trick employees into sending employee W-2s or payroll credentials.

Security professionals recommend implementing multi-factor authentication (MFA, sometimes referred to as 2FA), but fraudsters are becoming increasingly sophisticated and looking for ways around MFA, like tricking unsuspecting users into providing their one-time passwords over the phone or via malware. As fraudsters adapt, so too do our security methods. As we have become better at securing passwords and web applications, fraudsters have resorted to the tried and true methods of trying to con people into giving up their information.

All of the methods and technology we apply are trying to answer the same question – is the user who they claim to be? When an employee receives an e-mail purporting to be from the CEO, how often do they even look past the name on the email header to make sure it’s coming from the real CEO’s email address? Even worse, if the CEO’s email account is compromised, how does an employee tell that an email from the CEO’s account isn’t really from the CEO? They can’t. That means that we need to either strengthen e-mail somehow to make sure that e-mails can really only be sent from the proper account, which would likely result in a cumbersome and inconvenient solution, or we need a way of recognizing that the person at the keyboard is the real CEO.

Enter behavioral biometrics: instead of focusing on information that a user can provide to authenticate (like a password), or on something that the user possesses (like a token), behavioral biometrics focuses on the way users interact with the device as they type, touch, or mouse around in a particular application. This provides authentication of something a user is, not just has or knows.

For high trust applications, like requesting a wire transfer, or interacting with payroll, or downloading W-2s, it’s important to continuously authenticate a user, to make sure that not only does the person interacting with the application have the credentials indicating that they are authorized, but that they are, in fact, the authorized user. BehavioSec’s behavioral biometrics solution is the only solution on the market that ensures this.

If you found this interesting and want to learn more about Continuous Authentication, make sure to visit us at any of the upcoming events or request a demo from one of our sales representatives.