This article was written by Hector Hoyos who is the founder and CEO at Hoyos Labs, one of the leading innovative biometrics, authentication and identification technology companies. He has been in the biometrics and IT fields since the mid-1980s as the founder and president of various cutting-edge companies.
Until now, most cyberattacks have been relatively benign. This may seem counterintuitive, as data breaches have cost companies more than $400 billion, embarrassment and credibility – and affected millions of unsuspecting individuals, who spent countless hours correcting the consequences.
What the hackers stole from Target, Sony, Ashley Madison and eBay were names, passwords and credit card details – all of which are ultimately amendable. Yet, as new biometric technologies (i.e. scanning fingerprints, face or voice recognition) are introduced and become a more widely adopted method of authentication, this could put us closer to the precipice of the “ultra-hack.”
Biometric security has significant advantages over all other forms of identification, authentication and verification
The ultra-hack is the single most dangerous and irrevocable case of identity theft, and the point of no return for cyber security.
End to End Protection
If a malware attack can cost billions of dollars to resolve for an institution, consider the consequences when complex biometric data is compromised. People cannot change their fingerprints or faces like they can with compromised passwords or logins.
There is no question, though, that biometric security has significant advantages over all other forms of identification, authentication and verification. It’s fast and easy to use; it doesn’t need a
token or fob. And unlike a login or password, which requires memorization and is easily replicable, an individual’s fingerprints, irises, facial constructs and other biological traits should be impossible to duplicate.
However, companies need end-to-end security frameworks that encrypt and protect biometric information to ensure the proper level of authentication and verification – limiting access to either data or a location.
After all, the threats to data are everywhere. For instance, people believe that, because their mobile phone is physically in their hands, the data inside is safe. To the contrary, thieves can install malware into a mobile phone without direct access. Data breaches have been similarly achieved through email, apps and even the interception of a Wi-Fi connection.
Leading security metric?
Standards also matter when dealing with biometrics. Without having proper standardization in place to clearly secure and authenticate someone’s identity in a comprehensive manner, information is left open to attack.
Consider the origins of Underwriter Laboratories: at the onset of the electrical revolution, Underwriter Laboratories was founded to test and certify the safety of any electrical device. Now, the company’s seal is ubiquitous – located on electronics around the world, assuring that a device won’t burst into flames when plugged into an outlet.
Today’s consumers are at the mercy of the companies they give their biometrics to
For biometrics, the Institute of Electrical and Electronics Engineers (IEEE) has adopted the Biometric Open Protocol Standard (BOPS) as the open source standard for biometric authentication from a mobile phone or computer. Companies can adopt technologies that allow people to safely and effectively authenticate a variety of transactions – from electronic payments and contactless ATM machines – without usernames and passwords.
In the coming years, biometrics have the potential to be the leading security metric, but a single ultra-hack could derail this progression permanently. Today’s consumers are at the mercy of the companies they give their biometrics to, and enterprises must recognize the importance of protecting biometric data.