Third Certainty: Behavior-based user profiles can help stymie hackers

October 4, 2016 — Behavior-based user profiles can help stymie hackers

Robert Capps, VP at NuData, explains why ‘devalued’ data is an effective alternative to the username and password for improving security.

Cyber criminals make far too much money to stop perpetrating data breaches. At the same time, consumers’ laxity toward online security is unlikely to change.

It may seem like these two factors make cybersecurity impossible, but organizations still can protect their entity and their customers: They need to devalue their data. Bear with me for an explanation of what I mean by “devalue.”

There are so many threats coming from so many directions that data security is a constant, uphill battle. The fact is that every time we get it wrong, something bad happens—sometimes seriously bad. Adding insult to injury, once data has been stolen, there’s no way to get it back. When it’s gone, it’s gone.

Cybersecurity today requires a proactive approach. This means observing consumer behavior with much higher fidelity. Traditionally, analysis has tended to be rather superficial. To truly understand and know the user, you need to look deeper.

This includes looking for signals you wouldn’t normally look for—how fast someone types, how hard they hit the keys, how a user interacts with a website, etc.—the types of signals that often are ignored.

Information like this, when aggregated, forms a distinctive, behavior-based user profile that is far more detailed and reliable than standards like passwords and usernames. These profiles devalue data because bad actors can’t emulate behaviors with enough fidelity to truly take control of a user’s identity.

The focus changes from the user’s username, password and perhaps location or secret question to his or her unique identifying behaviors. By putting these authenticators together into unique user profiles, fraudulent actors can’t use the data they’ve stolen.

For the complete article, go here.