In the wake of devastating personal information leaks, concerns over cyber-security are at an all-time high.
There are many ways a criminal could acquire personal information; for example, they could exploit weak passwords to fraudulently log in to a given system, or use an application vulnerability in the backend to reach stored data. Recognizing this, many have suggested that the proper way to fight back and improve cyber-security is to harden backend systems so they have fewer vulnerabilities, or to train consumers and employees to do a better job of keeping their login information secure.
This is a logical system of improvement, but it is fundamentally flawed in two major ways. First, it is impossible to get everyone on board with new security standards, and all it takes is one weak login to gain access to an entire system.
The other side of the problem is the continuing advance of encrypted systems. In a cycle of one-upmanship, advanced technicians are constantly coming up with new ways to stop cybercriminals in their tracks, and cybercriminals are constantly coming up with new ways to tear down those structures.
Rather than focusing on stopping cybercriminals with walls, new technologies are emerging that work to identify cybercriminals instead. A new startup, BioCatch, has introduced a technology that identifies patterns of user behavior in certain applications, creating user profiles that can then be matched against subsequent visits. Account takeovers, remote access (RAT), and man-in-the-browser (MitB) malware attacks could all potentially be thwarted by this approach.
For example, if you visit an e-commerce platform and move your cursor in a certain pattern, or type at a certain speed, BioCatch will be able to register those parameters. If someone else attempts to log in as 'you', the technology will check for atypical variations against its stored data on parameters such as typing speed, mouse movement, keyboard strokes, tapping force and swipe patterns.
There are some weaknesses, however, as human behavior is not always consistent; these systems could trigger false positives and potentially lock people out of their own accounts. They also do nothing to ensure first-line security, such as protecting passwords from leaking in the first place.
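The comparison against stored parameters, and the false-positive weakness just mentioned, can be seen in a small sketch. This is an added example, not BioCatch's algorithm or code from the article: the feature names, the mean z-score scoring, the 3.0 threshold and every measurement are assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Hypothetical feature names standing in for the parameters the article lists.
FEATURES = ("key_interval_ms", "mouse_speed_px_s", "tap_force", "swipe_len_px")


def row(*values):
    """Build one visit record from values given in FEATURES order."""
    return dict(zip(FEATURES, values))


# Constructed enrollment visits for one account holder (not real measurements).
ENROLLMENT = [row(180, 640, 0.40, 300), row(190, 610, 0.44, 320),
              row(175, 660, 0.42, 310), row(185, 630, 0.38, 290),
              row(170, 660, 0.46, 330)]

# Constructed later visits, all assumed to present the correct password.
SESSIONS = {
    "owner_typical": row(184, 625, 0.41, 315),
    "someone_else": row(120, 900, 0.60, 220),
    "owner_one_handed": row(270, 600, 0.43, 305),  # same person, unusual day
}


def build_profile(visits):
    """Per-feature (mean, sample standard deviation) from earlier visits."""
    profile = {}
    for f in FEATURES:
        values = [v[f] for v in visits]
        profile[f] = (mean(values), stdev(values))
    return profile


def assess(profile, visit, threshold=3.0):
    """Return (score, decision); score is the mean absolute z-score."""
    z = [abs(visit[f] - mu) / max(sd, 1e-9) for f, (mu, sd) in profile.items()]
    score = sum(z) / len(z)
    # Assumed policy: ask for extra verification instead of locking the account.
    return score, ("step_up" if score > threshold else "allow")


if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    for name, visit in SESSIONS.items():
        score, decision = assess(profile, visit)
        print(f"{name:18s} score={score:5.2f} -> {decision}")
```

The third visit belongs to the real owner yet is still flagged, because a single feature (typing rhythm) moved far outside the profile; that is the inconsistency-driven false positive. Sending flagged visits to additional verification rather than an outright lockout limits what such a misfire costs the legitimate user.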