Security

Next-Gen Cybersecurity Is All About Behavior Recognition

Comment

Image Credits: Lightspring (opens in a new window) / Shutterstock (opens in a new window)

Larry Alton

Contributor

Larry Alton is an independent business consultant specializing in social media trends, business and entrepreneurship.

More posts from Larry Alton

In the wake of devastating personal information leaks, like Target’s back in 2014 affecting more than 70 million customers and the more recent Ashley Madison data breach, concerns over cybersecurity are at an all-time high.

Financial advisers overwhelmingly cite cybersecurity as their number-one concern, with business owners and everyday consumers sharing in those worries.

There are a few ways to approach this problem, but the one on everyone’s mind is the most straightforward; we need to protect companies’ records from ever being breached in the first place.

There are many ways a criminal could potentially acquire this information; for example, they could use weak passwords to fraudulently log in to a given system, or find an application vulnerability in the backend to find stored data. Breaches like this are startlingly common, and many go unreported in the news.

Recognizing this, many have suggested the proper way to fight back and improve cybersecurity is to improve backend systems to have fewer vulnerabilities, or train consumers and employees to do a better job of keeping their login information secure. Either way, the goal here is to slow criminals down by making it more difficult for them to obtain or use the necessary information.

Why Preventing Data Breaches Can Never Lead To Victory

This is a logical system of improvement, but it’s fundamentally flawed in two major ways. First, it’s impossible to get everyone on board with new security standards.

For example, if you inform a room full of 100 people about all the dangers of cyberattacks and security breaches, and you explain, in detail, the importance of creating, maintaining and regularly changing strong passwords, at least one person in that group of 100 will continue using the password “password123.” And because all it takes is one rogue available login to gain access to a system, that weak link will perpetually remain open.

The other side of the problem is continuing advances in encrypted systems. In a series of one-upmanship, advanced technicians are constantly coming up with new ways to stop cybercriminals in their tracks, and cybercriminals are constantly coming up with new ways to tear down those structures.

Any new advance in cybersecurity serves only as a temporary wall. Regularly improving and upgrading these walls can serve as an evolving series of defenses, but there can never be a sound “victory” when all data breaches are prevented.

An Alternative Method

Rather than focusing on stopping cybercriminals with walls, new technologies are emerging that work to identify cybercriminals instead. Take the relatively new startup BioCatch, which received $11.6 million in funding over three rounds. BioCatch’s technology works to identify patterns of user behavior in certain applications, creating user profiles that can then be matched to subsequent visits.

For example, if you visit an e-commerce platform and move your cursor in a certain pattern, or type at a certain speed, BioCatch will be able to determine, on future visits, whether or not the user with your login credentials is actually “you.” Account takeovers, remote access (RAT), and MitB malware attacks could all be potentially thwarted by this approach.

Think of it this way — when you use your credit card in an unusual location, like out of state, your bank typically calls you to confirm that it’s actually you making those purchases.

This new technology works the same way, except it uses atypical variations in parameters, like typing speed, mouse movement, keyboard strokes, tapping force and swipe patterns instead of geographical location. Take this practical example: After a few logins, this system will learn that you tend to browse slowly, tap icons hard and type at an average speed.

If someone gets ahold of your login information and browses quickly, with fast typing speed and weak “taps,” the system will trigger a fraudulent use, and your hacker will be forced to provide further authenticating details (or, more likely, give up the effort).

Similar technology, focused on positively identifying people based on behaviors and biometric signatures, is beginning to emerge from other companies, as well. For example, take Bionym, a Toronto-based startup that recently raised $14 million in Series A funding.

Using a wearable wristband called Nymi, the technology detects ECG activity to positively identify a user, then wirelessly confirms that identity to apps and online platforms. Sonavation, a company that designs and produces fingerprint sensors, is also exploring the possibilities of using device-based fingerprint readers to verify user identities.

None of these technologies require any additional effort from the user — they just need to “act natural” in the course of their typical behavior — yet the possibilities for an imposter to mimic these actions is very low.

Some of the strengths of this approach include a “touchless” system, which learns and adapts on its own without direct intervention, and the fact that these patterns can’t be easily learned or faked by an external system.

There are some weaknesses, however, as human behavior isn’t always consistent; these systems could trigger false positives and potentially lock people out of their own accounts. They also do nothing to ensure first-line security, such as protecting passwords from leaking in the first place.

Other Major Players

In addition to biometric and behavior-based security startups like BioCatch and Bionym, several other tech companies are working on this identification-based last line of defense in cybersecurity.

For example, take RSA security, which uses adaptive authentication to positively identify human- and machine-based behaviors and determine a qualitative risk level for each use of the system.

For example, if this system notices improbably fast pacing of clicks, it could register the user as an automated machine and prevent it from operating further. This is great for preventing automated attacks, but does little to identify an unauthorized human being using another human’s personal information.

Or take Trusteer, a startup acquired by IBM in 2013 which now functions as a subsidiary of the company. Trusteer uses software that identifies potential criminal activities on mobile devices, as well as desktop-based activities.

For example, it uses malware detection to determine when a hostile attempt to take over a mobile device has been initiated. It also uses front-end protection to block phishing attempts and similar breaches to personal information, and helps companies implement web-based services that block account takeover attacks.

In this way, Trusteer functions as both a front-end (information protection) and back-end (preventing unauthorized use of information) protection company.

Rather than trying to build new walls to slow down criminals, these companies are taking a more efficient path of positive identification. This isn’t to say that conventional security practices aren’t important — encrypted data, multi-level authentication requirements and general best practices for logins and passwords are as important as ever — but they can always be outsmarted.

Mimicking a user’s online behavior is far more difficult than breaking down a wall, and if BioCatch and its competitors’ behavioral analysis tools prove to be a success, expect to see more products and services like it emerging in the years to come.

More TechCrunch

The prospects for troubled banking-as-a-service startup Synapse have gone from bad to worse this week after a United States Trustee filed an emergency motion on Wednesday.  The trustee is asking…

A US Trustee wants troubled fintech Synapse to be liquidated via Chapter 7 bankruptcy, cites ‘gross mismanagement’

U.K.-based Seraphim Space is spinning up its 13th accelerator program, with nine participating companies working on a range of tech from propulsion to in-space manufacturing and space situational awareness. The…

Seraphim’s latest space accelerator welcomes nine companies

OpenAI has reached a deal with Reddit to use the social news site’s data for training AI models. In a blog post on OpenAI’s press relations site, the company said…

OpenAI inks deal to train AI on Reddit data

X users will now be able to discover posts from new Communities that are trending directly from an Explore tab within the section.

X pushes more users to Communities

For Mark Zuckerberg’s 40th birthday, his wife got him a photoshoot. Zuckerberg gives the camera a sly smile as he sits amid a carefully crafted re-creation of his childhood bedroom.…

Mark Zuckerberg’s makeover: Midlife crisis or carefully crafted rebrand?

Strava announced a slew of features, including AI to weed out leaderboard cheats, a new ‘family’ subscription plan, dark mode and more.

Strava taps AI to weed out leaderboard cheats, unveils ‘family’ plan, dark mode and more

We all fall down sometimes. Astronauts are no exception. You need to be in peak physical condition for space travel, but bulky space suits and lower gravity levels can be…

Astronauts fall over. Robotic limbs can help them back up.

Microsoft will launch its custom Cobalt 100 chips to customers as a public preview at its Build conference next week, TechCrunch has learned. In an analyst briefing ahead of Build,…

Microsoft’s custom Cobalt chips will come to Azure next week

What a wild week for transportation news! It was a smorgasbord of news that seemed to touch every sector and theme in transportation.

Tesla keeps cutting jobs and the feds probe Waymo

Sony Music Group has sent letters to more than 700 tech companies and music streaming services to warn them not to use its music to train AI without explicit permission.…

Sony Music warns tech companies over ‘unauthorized’ use of its content to train AI

Winston Chi, Butter’s founder and CEO, told TechCrunch that “most parties, including our investors and us, are making money” from the exit.

GrubMarket buys Butter to give its food distribution tech an AI boost

The investor lawsuit is related to Bolt securing a $30 million personal loan to Ryan Breslow, which was later defaulted on.

Bolt founder Ryan Breslow wants to settle an investor lawsuit by returning $37 million worth of shares

Meta, the parent company of Facebook, launched an enterprise version of the prominent social network in 2015. It always seemed like a stretch for a company built on a consumer…

With the end of Workplace, it’s fair to wonder if Meta was ever serious about the enterprise

X, formerly Twitter, turned TweetDeck into X Pro and pushed it behind a paywall. But there is a new column-based social media tool in town, and it’s from Instagram Threads.…

Meta Threads is testing pinned columns on the web, similar to the old TweetDeck

As part of 2024’s Accessibility Awareness Day, Google is showing off some updates to Android that should be useful to folks with mobility or vision impairments. Project Gameface allows gamers…

Google expands hands-free and eyes-free interfaces on Android

A hacker listed the data allegedly breached from Samco on a known cybercrime forum.

Hacker claims theft of India’s Samco account data

A top European privacy watchdog is investigating following the recent breaches of Dell customers’ personal information, TechCrunch has learned.  Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to…

Ireland privacy watchdog confirms Dell data breach investigation

Ampere and Qualcomm aren’t the most obvious of partners. Both, after all, offer Arm-based chips for running data center servers (though Qualcomm’s largest market remains mobile). But as the two…

Ampere teams up with Qualcomm to launch an Arm-based AI server

At Google’s I/O developer conference, the company made its case to developers — and to some extent, consumers — why its bets on AI are ahead of rivals. At the…

Google I/O was an AI evolution, not a revolution

TechCrunch Disrupt has always been the ultimate convergence point for all things startup and tech. In the bustling world of innovation, it serves as the “big top” tent, where entrepreneurs,…

Meet the Magnificent Six: A tour of the stages at Disrupt 2024

There’s apparently a lot of demand for an on-demand handyperson. Khosla Ventures and Pear VC have just tripled down on their investment in Honey Homes, which offers up a dedicated…

Khosla Ventures, Pear VC triple down on Honey Homes, a smart way to hire a handyman

TikTok is testing the ability for users to upload 60-minute videos, the company confirmed to TechCrunch on Thursday. The feature is available to a limited group of users in select…

TikTok tests 60-minute video uploads as it continues to take on YouTube

Flock Safety is a multibillion-dollar startup that’s got eyes everywhere. As of Wednesday, with the company’s new Solar Condor cameras, those eyes are solar-powered and use wireless 5G networks to…

Flock Safety’s solar-powered cameras could make surveillance more widespread

Since he was very young, Bar Mor knew that he would inevitably do something with real estate. His family was involved in all types of real estate projects, from ground-up…

Agora raises $34M Series B to keep building the Carta for real estate

Poshmark, the social commerce site that lets people buy and sell new and used items to each other, launched a paid marketing tool on Thursday, giving sellers the ability to…

Poshmark’s ‘Promoted Closet’ tool lets sellers boost all their listings at once

Google is launching a Gemini add-on for educational institutes through Google Workspace.

Google adds Gemini to its Education suite

More money for the generative AI boom: Y Combinator-backed developer infrastructure startup Recall.ai announced Thursday it has raised a $10 million Series A funding round, bringing its total raised to over…

YC-backed Recall.ai gets $10M Series A to help companies use virtual meeting data

Engineers Adam Keating and Jeremy Andrews were tired of using spreadsheets and screenshots to collab with teammates — so they launched a startup, CoLab, to build a better way. The…

CoLab’s collaborative tools for engineers line up $21M in new funding

Reddit announced on Wednesday that it is reintroducing its awards system after shutting down the program last year. The company said that most of the mechanisms related to awards will…

Reddit reintroduces its awards system

Sigma Computing, a startup building a range of data analytics and business intelligence tools, has raised $200 million in a fresh VC round.

Sigma is building a suite of collaborative data analytics tools