- Posted by Aron Hsiao
- On October 5, 2018
October is Cybersecurity Awareness Month, and the theme for this week is “Make Your Home a Haven for Online Security.”
Now at Plurilock we primarily serve companies, government agencies, and other large organizations—we don’t place products in consumers’ homes.
In honor of Cybersecurity Awareness Month, however, we’d like to make the case that cybersecurity is increasingly one large, all-encompassing issue, at home or elsewhere—and that there are real things that now need to be done about it.
Cybersecurity Is Increasingly a Public Issue
McAfee and the Center for Strategic and International Studies put the global impact of cybercrime today at $600 billion and counting. Meanwhile, CyberSecurity Ventures has projected that this figure may rise as high as $6 trillion within the next three years.
When numbers are that large, is it really plausible to try to separate cybersecurity incidents into those that affect home life and those that somehow don’t? Effects this large can’t be limited to corporate or government agency balance sheets.
They invariably touch every household in some way.
And the Public Lives at Home
How are these effects experienced by households and the people and families that live in them?
- Consumers’ identities, accounts, balances, and lifestyles are damaged.
- Companies are left unable to meet the needs of the customers that trust them.
- Governments are far less able to protect and to serve members of the public.
In short, what’s often at stake at the end of the day are ways in which members of the public go about their daily lives, both at home and everywhere else besides.
While in decades gone by cybersecurity may have been a small budget and liability line item, lost in the shuffle of “IT costs,” today it is simply too large to be treated that way. In today’s world, home life will be cyber-secure only when corporate and government life is also cyber-secure.
The Solution, However, Doesn’t
Though the ultimate impacts of cybercrime are increasingly felt both directly and indirectly by the general public, members of the public often feel powerless “at home” to directly address the issue.
Realistically, companies, government agencies, and other organizations must take the initiative to find solutions—and to date, as the problem continues to grow exponentially, they’re failing.
Here’s what hasn’t worked so far, despite decades of increasing expenditures and overhead:
- Security through obscurity—trying to hide important data, systems, or tools from attackers in hopes that what isn’t discovered won’t be attacked.
- Intricate authentication schemes—such as token-based MFA and complex password rules—that inhibit both productivity and security hygiene.
- Attempts to “embed” security into hardware—access cards, USB fobs, and assigned mobile devices—that is often specialized, cumbersome, and ultimately easy to lose.
- Anatomical biometrics tools—such as fingerprint or face scanners—that are difficult to perfect and deploy, yet easily fooled.
- “Air gapped” systems and networks—disconnected from public networks—that are hobbled yet ever more frequently compromised.
- After-the-fact cleanup—simply hoping that breaches won’t occur, then trying to clean them up when they do.
- Budgeting for breaches—trying to anticipate and “bake in” the costs and effects of presumed security events before they occur.
Most of these approaches were seen as the next great hope at one time or another, yet all of them have proven to be inadequate—even, increasingly, when placed into service alongside one another.
Happily, there are two new hopes that have emerged over the last several years. These promise to fundamentally change the cybersecurity landscape for the better.
#1: Behavioral Biometrics
The first and most important of these is behavioral biometrics, which can identify who the user of a computing resource actually is, without relying on what they know (like passwords), what they possess (like a particular phone or identity card), or what they look like (traditional biometrics).
In 2018 it’s obvious that knowledge and possessions can be lost or stolen, and that appearances—such as those of fingerprints and faces—are easily mimicked.
Instead, behavioral biometrics uses new AI strategies to monitor tiny patterns in keyboard, mouse, and touchscreen activity that are as unique as fingerprints, yet are nearly impossible to “steal” or reproduce.
Behavioral biometrics makes recognizing hackers an easy—and foolproof—process.
#2: Continuous Authentication
The second new hope, continuous authentication, is made possible by behavioral biometrics, and flips a key part of the cybersecurity script. Once patterns in regular, ongoing movement can be used to detect intruders, large stretches of unverified—and vulnerable—computing time are eliminated.
While traditional systems prompt every now and then for a password or finger scan, continuously authenticating systems are able to “spot” intruders and bad actors immediately, at all times, as computation happens.
By combining behavioral biometrics and continuous authentication, what was once an anonymous and isolated step (“this user once entered the right password”) becomes a secure, identifying status (“the right person is still doing the computing here”).
In short, now that we’re able to recognize hackers definitively, we can use continuous authentication to lock them out immediately. So why aren’t more organizations doing this?
They should be.
Making Homes a Haven Means Taking Security Seriously as a Society
Yes, all of the standard bromides apply. Consumers should choose their devices carefully and patronize companies carefully. They should choose good passwords and change them often. For now, they should enable SMS tokens when SMS-based 2FA is offered.
And so on. But let’s not kid ourselves—they can’t do this themselves.
When breaches lead to millions of mom and pop data records on the dark web or everyday public infrastructure becoming vulnerable to failure and incapacity, it’s not because mom and pop chose bad passwords—yet increasingly, mom and pop will bear the brunt of the effects.
Two things must happen to move the needle and make today’s homes cyber-secure in any way that’s meaningful:
- Organizations of all kinds must exercise leadership to quickly move toward cybersecurity solutions that aren’t simply out of date—solutions like behavioral biometrics and continuous authentication, already proven and on the market.
- The public, sitting at home, must hold both private and public leaders’ feet to the fire—to ensure that the companies they do business with and the representatives that they elect understand the issue and are adopting state-of-the-art solutions quickly.
If the projections are right, $6 trillion—that’s a third of the U.S. economy—hangs in the balance over just the next three years.
So in honor of the first week of Cybersecurity Awareness Month, let’s leave it at this: for life at home to avoid being even more affected by the proliferation of cybercrime than it already is, another Android patch and a new password just won’t get the job done. ■