Statement by Ingo Deutschmann, SVP Engineering at BehavioSec
No security factor is as critical as the human being. In its current report on IT security in Germany 2021, the BSI rightly notes that humans remain an often underestimated security risk as a gateway for cyber attacks. Cybercriminals around the world are taking advantage of the confusion surrounding the current pandemic, using phishing, vishing, smishing and many other social engineering techniques to get their victims to click on a link that downloads malware to their IT devices. This allows the attackers to bypass authorization checks, tokens, step-up authentication and other security mechanisms.
It is extremely difficult for CISOs and security professionals in organizations to stop this attack vector, as their traditional security mechanisms such as device fingerprinting, geolocation, credentials and step-up authentication are bypassed. Multi-factor authentication does not prevent stolen passwords and intercepted PIN codes from being used to get into accounts. For this reason, those responsible should consider behavioral biometrics as an important component of their security strategy and solution portfolio. Behavioral biometrics provides an additional layer of defense that reliably thwarts social engineering. It can detect subtle signs of manipulation before it is too late. Instead of relying solely on information that a criminal can steal or manipulate, behavioral biometrics creates user profiles based on how employees or customers physically interact with devices. This creates a unique, individual profile that criminals cannot imitate.
If a scammer pressures or deceives a victim via voice phishing, CEO fraud or any other form of social engineering, this smart technology intervenes. It recognizes various characteristics that indicate the user is not acting "normally" but is showing conspicuous behavior. An alarm can be triggered when, for example, an action is delayed or the user takes pauses that are atypical for them. This could be an indication that the user is following the instructions of a third party. Another conspicuous action is when the user, while authenticating via smartphone, moves the device up and down because they are receiving instructions from a criminal about a transfer and have to switch back and forth between devices. Behavioral biometrics detects these deviations from the normal interaction with the respective devices and sends warning messages to the security teams. They can check the session and, in case of doubt, stop the transaction or freeze account settings. In addition, they can reset the settings and block access until an account manager has telephoned the person concerned and clarified the matter.