Biometrics and Cyber Security

With new technological advancements come new flaws and challenges, making cyber security a prime concern. Along with these advancements, we mustn’t forget that hackers are also evolving and continue to pose a threat to cyberspace. Due to conventional methods of security, such as passwords, proven ineffective, biometric security is being adopted among many organisations and individuals as the preferred way to safeguard their cyberspace from threat actors. Technologies such as facial recognition and fingerprint scanning have become mainstream.  

Each day it would seem that there are more reports of data breaches, to both large and small organisations. As these events continue to unfold organisations are realising that they need to rapidly engage with new security measures. Companies are now turning away from passwords and looking towards biometric authentication solutions, without thinking every ramification through. Whilst there are definitely benefits in biometrics, it’s important to weigh up every possibility.   

The biometrics industry is growing at an exponential rate as we continue to incorporate it into our daily lives. It’s estimated that the industry could be worth over $68 billion in just five years, that’s a little over £50 billion.  

Benefits of Biometrics 

• Convenience - Thanks to biometrics, there’s no resetting or forgetting passwords. Once the biometrics are activated they’re done and implemented into the chosen system or device 
• Spoofing - Biometric data is incredibly challenging to steal or fake, hackers may be unable or unwilling to put effort into cracking a biometric security system  

Drawbacks of Biometrics 

• Costs - Unsurprisingly, advanced systems require significant investments and many organisations can’t afford the cost of implementation. It’s the most prominent reason why companies aren’t adopting biometric authentication 
• Data Breaches - Whilst it’s difficult for hackers to replicate biometric data, it isn’t completely impossible. If a person's biometric data is compromised, there’s no replacing it. Unlike passwords, biometrics are irreplaceable because everyone's biometric identity is unique and can’t be changed 
• Tracking - Privacy needs to be taken into consideration when implementing systems such as facial recognition. When biometrics are converted into data and stored, particularly in regions that have considerable surveillance measures, users run the risk of leaving a permanent digital record that could be tracked by threat actors. Organisations and governments can use facial-recognition software to track and identify individuals with disturbing accuracy - this severely inhibits privacy 
• Appearance - Although not at the forefront of concerns regarding biometrics, a physical change is something to consider when developing secure authentication. From a small injury to a finger, to a more drastic change to facial structure from an accident, changes in biomarkers can occur. If biometric authentication were the only method in use, users could experience difficulties          

Is Biometric Security Immune to Attack? 

While biometrics are especially difficult to fake, organisations and individuals need to be aware of the fact that biometric security isn’t impenetrable. There are a few different ways that cybercriminals can extract biometric data that everyone should be aware of. For example, facial recognition and fingerprint scanning can be penetrated by what’s known as a presentation attack, wherein hackers try to spoof or steal biometric data. The tools used to conduct presentation attacks are known as Presentation Attack Instruments (PAI). 

An example of a presentation attack is the use of a fingerprint of the individual enrolled in a system. If captured, their fingerprint can be used to make a matching artefact. Another example is the use of a covertly taken photo of a target that can be used to unlock a system with facial recognition. 

As much as biometric security is a step in the right direction to protect your systems, it should not be a standalone technique but rather an extra layer on top of your immediate defences. Even if it is unlikely that a hacker will get in. The point is, if a hacker is determined enough to get into your system, they’ll do everything possible until they succeed.  

Current Solutions 

Although the concept is appealing, biometric solutions are far from being a complete fix for cyber security. Instead of relying solely on biometric security, it should be used diligently and in conjunction with common authentication methods. A layered approach will yield the best results when trying to secure organisational security. Whilst getting rid of the hassles caused by passwords might seem tantalising, they’re here to stay for the time being. 

How Can Securiwiser Help Organisations? 

Securiwiser can help organisations to better understand their cyber security by providing daily scans that will monitor the security of their website, network, and systems. You will be provided with grades based on how well each aspect of your security is performing and given advice on how to improve your security. You will also get a report on your cyber security; explaining any issues in detail and told where to find help should you be unable to remedy any problems on your own.