With digital identity and security becoming a prominent issue for organisations and consumers all over the world, use of biometrics technology is growing across a range of industries. According to Transparency Market Research, the biometrics market is predicted to reach $23.3 billion in revenues by 2019.
With its ability to identify people by physical or behavioural attributes, biometrics adds an additional layer of security to help improve defences and ensure data protection. From our viewpoint, we can see businesses are beginning to recognise the immediate impact biometrics can make, as more and more embed it into their products and services.
There are three key industry and social developments that are driving this trend today:
- Fears around security have led to the banking industry finding new ways to strengthen defences. High profile attacks in the media, such as the recent Beautiful People attack, around fraud and identity has led IT managers to question current security measures and explore other options.
- Consumers are also becoming more familiar with biometric technology. From Apple’s iPhone fingerprint scanner to biometric passports – as society becomes more educated about this form of technology, we are becoming more confident in biometrics. As we become more exposed to biometric technology, our familiarity with it will continue to grow until it is viewed as a ‘must have’ security option.
- Finally – the speed and accuracy of biometrics have all improved over the last few years, along with falling costs. This has made the roll-out of biometric solutions much more viable.
Attacks are only going to get worse
Why do business need to act? It’s hard to ignore that cyber-attacks are growing in frequency and complexity. According to recent research by the UK Government, two thirds of large businesses have been hit by a cyber breach in the last year. Because of this, businesses need to realise that biometrics is just one part of a security solution and should work as an extra layer on top of existing security infrastructure. There’s no point putting a bigger lock on the front door if you’re going to leave the windows wide open.
Another big part of this is understanding the risk profile of an organisation. The time and effort that a criminal will put into stealing £20 is very different to the time and effort they will put in to steal £20 million. A business’ security needs to reflect this.
What is a risk profile?
Every organisation should try and understand their level of risk for various parts of their business, as different tasks or functions within the same organisation can have different risk profiles. This risk may not just be financial but can also include reputational or even national security. The theft of personnel files becomes significantly greater when the organisation they are stolen from is the federal agency responsible for security clearances, for instance.
In a financial or commercial sense the risk can be easier to determine because it often comes down to money. Questions which need to be asked include: how much money can I lose due to unauthorised access? How much business will I lose if customers lose faith in me as a provider? And will I be open to further litigation, and cost, if I am seen to be negligent with security? The greater the financial risk, the higher the risk profile.
Improving an organisation’s risk profile
So how can organisations improve their risk profile? By understanding both the level of risk – this may not be the same across all activities the company performs – and the different security levels and costs of the various biometrics out there. It then requires a cost/benefit analysis. How much am I willing to spend to cover the potential loss?
A financial institute or payment provider is unlikely to spend hundreds of pounds per customer to send everyone a highly secure biometric scanner if the average money value per transaction is quite low. However, it may send them to customers or staff that routinely perform million dollar transactions. The risk of significant loss has increased and so the appetite to spend more to achieve a more secure solution has also increased.
Another important aspect is understanding how to layer security for different risk profiles. A multifactor approach to security, where additional factors are added depending on risk level, is more secure than a single factor solution. Traditional factors such as, something you know (password or PIN), something you have (token or smart card) and something you are (biometrics) are now being used with newer factors that can be leveraged with smartphones and social networks, for example somewhere you are (GPS), when it happened (after work hours) and someone you know (social footprint).
Whilst using a fingerprint or PIN may be convenient for a £20 purchase near home, a £2000 purchase or a transaction out of country may require an additional factor to authorize, increasing the security layers. This type of layering can go all the way up to solutions like PalmSecure Match ID combined with PIN/Password and time or location checking. In addition, adding the right biometrics to an existing solution can greatly increase security.
Looking to the future, awareness and acceptance of biometric technologies will continue to grow as it becomes the solution to protecting many industries today. From finger-print to voice recognition and palm vein – many of these technologies are already becoming embedded with our everyday lives.
However, while the security advantages of biometrics will continue to be recognised, it is important that organisations use it as part of a wider security programme. Understanding their risk profile is a good start in helping to improve a company’s defences.
Organisations need to act now to secure their business and keep up in a constantly changing landscape: find out more from Fujitsu here. Follow Fujitsu on Twitter here @Fujitsu_NI