You are here

COMMENTARY

How machines learn the way you use your devices can help keep you safe from cybercrime

IT'S A common plot line in many thrillers: An unsuspecting victim unlocks their front door, only to be ambushed by thugs who wreak havoc on the victim's home.

Today, many online attacks work the same way. Cybercriminals either get the victim's login credentials, or simply lie in wait for their victim to "unlock" the account themselves before taking over for their nefarious purposes.

Simply capturing a victim's login ID and passwords allows attackers to effectively steal the identity of the user, infringe on their privacy and access their funds. The continued growth of e-commerce in Asia and increasing number of online transactions, coupled with a woeful lack of cybersecurity preparedness in Asia has created a vast sea of opportunities for cybercriminals. This comes at a time when modern attack methods have enabled the compromise of even those accounts that are protected with more than just an ID and password.

Take the example of consumer banking. It is common for banks to flag potential fraud when accounts are accessed from a new location or at an unusual time of the day, leading to requests for further identity verification.

sentifi.com

Market voices on:

However, this is no longer enough.

UNIQUE FINGERPRINT

Techhnology today allows attackers to easily trick security systems that track login location and time. "Man-in-the-browser" attacks can allow perpetrators to figuratively sit right behind the victim and modify their transactions in real-time.

All this paints a rather gloomy picture of the state of cybersecurity today. It can lead one to wonder what more can be done to protect unsuspecting consumers who transact via digital platforms more than ever.

One way is to strategically leverage user behaviour analytics coupled with machine learning as a trusted ally in the battle against cybercriminals.

Just as each of us has a unique fingerprint, our way of using devices is also unique. Leveraging this is key to protecting online accounts. Behaviour analytics makes it possible to identify suspicious activity as it is much harder for attackers to successfully mimic a user's click behaviour or typing patterns as compared to time and location.

In practice, user behaviour analytics works by telling the system how the user typically behaves by collecting and analysing as much data as possible over a set period of time. Each login and user session is monitored according to numerous factors and for every transaction, a risk-score is created.

If the risk score for a particular transaction is deemed too high, the system can automatically trigger additional security measures or even stop the session entirely. This method ups the ante on security because the analysis is not limited to login. While logging in, attackers may still be able to fool the system, but if the entire session is continuously monitored, there is a significantly higher chance of anomalies and discrepancies in user behaviour being successfully detected.

SMOOTH EXPERIENCE

User behaviour analytics-based authentication solutions rely on advanced machine learning but are also flexible enough to allow for human control. This reduces false positives as security experts and risk managers can determine which risk factors would trigger additional security measures, and when the ripcord is actually pulled.

This leaves the user experience virtually undisturbed, while increasing security significantly. A smooth user experience makes users less likely to try and circumvent protective measures. This is crucial because security fails today when users do not follow the right procedures and policies.

As the online world evolves, cybercriminals will continue to look for easy targets for their own gain. Businesses should consider protecting online accounts from threats not just a priority, but also their responsibility so that consumers can enjoy all the benefits of the digital age without fear.

  • The writer is Managing Director of AdNovum Singapore.
Powered by GET.comGetCom