The headlines make clear what many in the industry have long known to be true – cyberattacks are on the rise and traditional authentication tools, like passwords, are not up to the task of protecting sensitive account access and data in an increasingly digital world.
Take the Colonial Pipeline attack as a recent, popular example.
The ransomware attack perpetrated against the major U.S. fuel pipeline led to a $4.4 million ransom payout from the company, fuel shortages up and down the East Coast, and notable economic losses. People were hoarding as much gas as they could find, in some cases, in grocery bags.
The cause of this disruption? A compromised password. That’s all it took for the hackers to access the network, steal and encrypt data, and drop their payload. If that’s not a clear sign that the paradigm of authentication using a password is failing us, I’m not sure what is.
Increased adoption of two-factor authentication (2FA) and multi-factor authentication (MFA) have helped to make networks more secure, but still fall short of the larger call to move toward a zero trust architecture. Using these methods at the beginning of a user session does more than a standard password login to authenticate identity, but how do you know that the person who logged in that morning is the same person that is still logged in 2 hours later? How do you know if a phone enabled with MFA for an account is not compromised?
The entire paradigm the cybersecurity industry exists in no longer makes sense. That’s evident when you look at a report from Canalys that shows there were more data breaches in 2020 than the previous 15 years combined, in spite of increased cybersecurity spending.
While those within the industry know it’s broken, communicating to the larger population has posed a challenge that technology leaders will need to face head-on.
The problem of continuous authentication is one Plurilock is looking to solve with our behavioral biometrics technology. We’ve taken a novel approach on authentication completely outside of the existing framework, not only with how we assess identity using a unique digital signature assessed based on micro-patterns when using your keyboard or pointer, but in the way that we do it on a continuous basis without adding user friction.
For example, if you were login to your computer at a coffee shop and step away, leaving your device vulnerable for bad actors to access, no amount of password protection is going to help you. Our technology, which assesses identity every 3-5 seconds, would be able to detect the change in your digital signature and lock the individual out, preventing possible disaster.
The path we’ve chosen is an important one, but one that will not come easy to an industry entrenched the current framework of passwords, 2FA, and MFA. But then again, perhaps this new way of thinking is exactly what we need to combat the ever increasing sophistication of threat actors.