Organizations are realizing the advantages of using biometric authentication for protecting computers, sensitive data, server rooms and other business assets. It is of utmost importance that unauthorized staff do not have access to specific files. Companies are using biometric authentication to regulate access to sensitive data and to ensure that the right person has access to the right device at the right time.
Better understanding of biometric authentication
A biometric identifier is completely unique to the individual, recordable and permanent. This includes a person’s facial structure, voice print, fingerprints, iris, the geometry of the hands, or the way a person interacts with a computer system. These unique human identities are recorded, stored and matched against a database, which allows the user to log into work systems in a secure way without having to remember multiple passwords. A recent survey conducted by CyberArk revealed that many organizations are beginning to integrate cutting-edge new security technologies into their strategies, with nearly one in five (19%) reporting that their IT security team is experimenting with biometric security techniques, including retinal scans, fingerprints as well as embedded microchips.
The cybersecurity conundrum
Biometric authentication has several advantages compared to traditional recognition. In some applications, it can either replace or supplement existing technologies; in others, it is the only viable approach to personal recognition. However, this technology raises some serious worries about security and privacy. With the increasing infrastructure for reliable automatic personal recognition, concerns are naturally growing over whether this information might be abused to violate individuals’ right to anonymity.
The security and privacy risks are very high because if hackers get their hands on your personal credentials and use them, you would not be able to do anything about it, leaving your devices and accounts vulnerable and exposed. While passwords may change, physical biometrics are genetic and specific to an individual. Furthermore, the permanence of biometric authentication could easily lead some individuals and organizations to become overconfident in the technology and focus less on robust cybersecurity best practices such as multi-factor authentication (MFA). The organization is responsible for safeguarding the employees’ unique identities as well as their devices.
Savvy hackers are already trying to exploit biometric technology for digital and physical authentication.
How are hackers targeting human identities
Here are some ways attackers are targeting unique human identities to gather massive amounts of biometric data for future modelling purposes and nefarious use:
Genetic consumer services
People take blood tests at home all the time without having much knowledge about how the data can be used against them. This genetic information can easily be handed over to any organization, which in turn leaves their unique genetic information vulnerable. Last year, genealogy testing service MyHeritage revealed that 92 million accounts were found on a private server. Although in this case the personal information was not compromised, it demonstrates the potential for far-reaching damage in the case of a successful breach.
Embedded human microchips
According to the biohacking company Dangerous Things, approximately 100,000 people today use an embedded microchip to do multiple things, such as get into the gym, unlock their office door or buy lunch. Yet many security researchers have demonstrated ways to successfully hack into these chip implants, from infecting a chip with a virus through an SQL injection attack to conducting a URL attack on a browser vulnerability on an NFC chip.
Biometric stores within organizations
As biometric authentication technology grows, huge amounts of highly sensitive data are being collected, stored on-premise and in the cloud, processed and accessed with minimal protection. Sophisticated hackers take advantage of such data stores within organizations, understanding that many have not implemented the appropriate security and privacy organizational measures needed to keep this sensitive data secure.
Cybersecurity professionals know that specific attacks will change and evolve, but the themes remain the same: sensitive data is an attractive target for attackers. Biometric technology has a long way to go, as companies need to stay one step ahead of the hackers and anticipate their ability to hack into biometric technology. Robust cybersecurity measures such as multi-factor authentication (MFA) are needed, as the stakes are high. This is more about protecting employees’ unique human identities than just financial and reputational damage to businesses.
(Rohan Vaidya is Regional Director of Sales – India, CyberArk)