Behavior-based user profiles can help stymie hackers

‘Devalued’ data is effective alternative to username, password for improving security

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Cyber crim­i­nals make far too much mon­ey to stop per­pe­trat­ing data breach­es. At the same time, con­sumers’ lax­i­ty toward online secu­ri­ty is unlike­ly to change.

Ed note_NuData Security_Robert CappsIt may seem like these two fac­tors make cyber­se­cu­ri­ty impos­si­ble, but orga­ni­za­tions still can pro­tect their enti­ty and their cus­tomers: They need to deval­ue their data. Bear with me for an expla­na­tion of what I mean by “deval­ue.”

There are so many threats com­ing from so many direc­tions that data secu­ri­ty is a con­stant, uphill bat­tle. The fact is that every time we get it wrong, some­thing bad happens—sometimes seri­ous­ly bad. Adding insult to injury, once data has been stolen, there’s no way to get it back. When it’s gone, it’s gone.

Relat­ed info­graph­ic: Pri­va­cy con­cerns influ­ence con­sumer loyalty

Cyber­se­cu­ri­ty today requires a proac­tive approach. This means observ­ing con­sumer behav­ior with much high­er fideli­ty. Tra­di­tion­al­ly, analy­sis has tend­ed to be rather super­fi­cial. To tru­ly under­stand and know the user, you need to look deeper.

This includes look­ing for sig­nals you wouldn’t nor­mal­ly look for—how fast some­one types, how hard they hit the keys, how a user inter­acts with a web­site, etc.—the types of sig­nals that often are ignored.

Infor­ma­tion like this, when aggre­gat­ed, forms a dis­tinc­tive, behav­ior-based user pro­file that is far more detailed and reli­able than stan­dards like pass­words and user­names. These pro­files deval­ue data because bad actors can’t emu­late behav­iors with enough fideli­ty to tru­ly take con­trol of a user’s identity.

The focus changes from the user’s user­name, pass­word and per­haps loca­tion or secret ques­tion to his or her unique iden­ti­fy­ing behav­iors. By putting these authen­ti­ca­tors togeth­er into unique user pro­files, fraud­u­lent actors can’t use the data they’ve stolen.

An added ben­e­fit of behav­ior-based user pro­files is that the incen­tive for crim­i­nals to steal your data is removed as well. Again, the data has been deval­ued. Cyber thieves will always exist, but they will always tend to take the path of least resis­tance and nab the loot that’s eas­i­est to steal and offers the biggest payoff.

If you could change the sce­nario so that the loot is unus­able and there­fore worth­less to them, why wouldn’t you?

More relat­ed stories:
Con­ve­nience of mobile com­put­ing comes at a secu­ri­ty cost
Embrace bio­met­rics to stay ahead of advanced cyber threats
‘Pri­va­cy by design’ restores con­trol to consumers