Behavior-based user profiles can help stymie hackers
‘Devalued’ data is effective alternative to username, password for improving security
By Robert Capps, Special to ThirdCertainty
Cyber criminals make far too much money to stop perpetrating data breaches. At the same time, consumers’ laxity toward online security is unlikely to change.
It may seem like these two factors make cybersecurity impossible, but organizations still can protect their entity and their customers: They need to devalue their data. Bear with me for an explanation of what I mean by “devalue.”
There are so many threats coming from so many directions that data security is a constant, uphill battle. The fact is that every time we get it wrong, something bad happens—sometimes seriously bad. Adding insult to injury, once data has been stolen, there’s no way to get it back. When it’s gone, it’s gone.
Related infographic: Privacy concerns influence consumer loyalty
Cybersecurity today requires a proactive approach. This means observing consumer behavior with much higher fidelity. Traditionally, analysis has tended to be rather superficial. To truly understand and know the user, you need to look deeper.
This includes looking for signals you wouldn’t normally look for—how fast someone types, how hard they hit the keys, how a user interacts with a website, etc.—the types of signals that often are ignored.
Information like this, when aggregated, forms a distinctive, behavior-based user profile that is far more detailed and reliable than standards like passwords and usernames. These profiles devalue data because bad actors can’t emulate behaviors with enough fidelity to truly take control of a user’s identity.
The focus changes from the user’s username, password and perhaps location or secret question to his or her unique identifying behaviors. By putting these authenticators together into unique user profiles, fraudulent actors can’t use the data they’ve stolen.
An added benefit of behavior-based user profiles is that the incentive for criminals to steal your data is removed as well. Again, the data has been devalued. Cyber thieves will always exist, but they will always tend to take the path of least resistance and nab the loot that’s easiest to steal and offers the biggest payoff.
If you could change the scenario so that the loot is unusable and therefore worthless to them, why wouldn’t you?