Facial features, the iris of your eyes, your voice or the way you walk. These very personal physical qualities are key parts of what is known as biometrics, a very powerful tool in today’s cyber security.
In addition to the use of fingerprints, you may have heard of facial and retinal recognition as ways to identify a person. However, you may be less familiar with the use of ear shape or hand geometry, or other biological and behavioural features such as a person’s walking motions or even body odour. All these aspects create a pattern that is unique.
Cybersecurity companies incorporate these personal patterns to design increasingly robust protection programmes. This has improved significantly with the application of new technologies in the field. The aim is to create defence mechanisms against cybercriminals to prevent identity theft and fraud.
The use of biometrics is not new. As early as the 1970s, the US company Shearson Hamil began using fingerprint identification to control access to its Wall Street facilities, making it one of the first companies to ever use this type of security system. Since then, these tools have evolved to such an extent that they are now one of the most comprehensive security systems.
It is becoming so important that even the National Police is going to implement a new biometric system as the standard. Recently, this security body has announced that, in addition to fingerprints, it is going to incorporate facial data to the electronic ID card, which is already known as DNI 4.0. This is also used by INTERPOL as part of its I-CORE technology programme for secure, accurate and automatic identification of criminals, according to the international body.
As the National Institute of Cybersecurity, INCIBE, points out in its Biometric technologies applied to cybersecurityguide, biometric characteristics must be universal, i.e. aspects that all people have. They are unique and distinguish each individual, they stay the same over time and in different environmental conditions and they can be measured quantitatively. The guide also states that in order to measure these characteristics, technologies must ensure performance with certain level of accuracy, user acceptance, and be resistant to fraud and usurpation.
Biometric technologies are applied in two phases. First, the identity and biometric parameters of each user are registered. This is followed by the authentication phase, where personal patterns previously registered and stored in a database are verified.
Uses and benefits
Among the sectors benefiting from this type of technology the most is the banking sector. The use of biometrics in the reinforced two-step authentication system prevents phishing, one of the most common forms of online fraud. In this way, even if cybercriminals have data on a potential victim, identification through biometric elements would prevent such impersonation.
One area that is widespread and common to all types of users is the protection of mobile devices. The use of fingerprint or facial recognition in smartphones is widely known. Other fields of application are company access control, health care, control in public areas such as airports and train stations and crime investigation.
Protection of remote working
The COVID-19 pandemic has led to a strong demand for safe and secure technological solutions for all types of businesses, which have particularly benefited from the advent of remote working due to the increased security during transmission of information.
One of the most important applications of biometrics in cybersecurity is its ability to protect the data stored in the cloud. To this end, the use of Big Data, together with data analysis programmes, Artificial Intelligence and machine learning, are fundamental. This is because, on the one hand, they handle large amounts of data and, on the other, they allow security systems to learn and improve, in order to be able to determine parameters for different circumstances (for example, if glasses are used) in an increasingly precise manner.
Moreover, while security cards or passwords can be lost, forgotten or stolen, biometric traits cannot. And although the implementation of this type of security system has a high initial cost, its maintenance is not costly. However, although biometrics is already a powerful security tool, this does not mean it is without risks, such as the potential theft of biometric data from a company, or the boundaries in place regarding employee and customer privacy and the correct use of said data.