Last week, the BehavioSec team attended the RSA Conference in San Francisco, among more than 42,500 attendees, 740 speakers and 700 exhibitors. It made for an exciting week at the epicenter of the cybersecurity world. At BehavioSec’s booth, we conducted a friendly competition to see if any conference attendees could successfully impersonate our experts’ identities. We handed valid login credentials to guests and dared them to try and overcome BehavioSec’s technology by signing into a mobile app protected by our behavioral biometrics platform running on an iPad.
Things did not go well for the would-be intruders! They watched our team members sign in with ease – then tried to mimic their pace and keystrokes (over and over again), only to be stopped cold by our software. We then showed them the administrator’s view, which detailed just how obvious their failed login attempts appeared to BehavioSec’s platform — the same one used to protect major banks, fintech apps and other global organizations.
Our booth conversations aligned closely with several key themes at RSA this year, namely managing risk and focusing on trust as an enabler of commerce and innovation. In several keynotes and video feeds from the show, speakers rightly contended that the industry needs to go beyond piecemeal defenses for each new threat and convince a wider set of stakeholders that technology can move an organization forward – even in the face of persistent and resourceful bad actors. This is the essence of “risk management” that boardrooms, investors and chief executives prioritize.
This topic segued into “trust” – the need to not only help security professionals maintain trust in their deployed security controls, but to foster wider peace-of-mind among consumers and enterprises that the organizations they rely on and do business with are doing everything they can to protect their data, transactions and accounts.
In an interview from the show floor on theCUBE, RSA president Rohit Ghai suggested Internet users are in an era he called “a trust crisis,” adding “…people are losing faith in technology as a force for good … if you think about trust, trust is based on reputation. Trust is not perfection; I don’t trust you because you’re perfect. I trust you because I can count on how you’re going to behave in certain circumstances…”
I agree with Rohit on there being a trust crisis, but take exception to the idea that “reputation” is an adequate benchmark for digital trust. Personas are too easily stolen and spoofed in the digital age. The ubiquitous codes and credentials we are issued are continually breached and weakened by password reuse. We have to go beyond trust hinging upon “who” someone’s credentials say they are – and incorporate continuous authentication to let people prove their identity intuitively through their natural behaviors.
Just as we demonstrated at our RSA booth, it’s time we made everyone’s inherent behavior the true measure of trust, to cut down on fraud as well as needless authentication friction. BehavioSec behavioral biometrics forms a strong foundation for risk management decisions and trust because it meets multiple priorities: it backstops existing security controls (e.g. passwords), features a transparent user experience and delivers peace-of-mind to customers. Rest assured that if your bank, broker or fintech app incorporates BehavioSec, it will be very difficult for criminals to bluff, clone or brute-force their way into your accounts and digital life.
Soon after RSA Conference wound down, Citrix reported a high-profile data breach blamed on “credential spraying,” in which an attacker applies the same (stolen or guessed) password to multiple user accounts, hoping to secure unauthorized access. This is yet another reminder that if we’re ever to solve the Internet’s trust deficit, we have to find ways to securely thrive that don’t rely on easily stolen or spoofed authentication data.