Another week goes by and another batch of logins and passwords is leaked on the Internet. Over the years, the industry has trained employees and consumers to assume that a password, even a complex password (how many special characters, capital letters, emoticons, etc., do we need nowadays?), is enough to keep their sensitive, personal and financial information safe.
It’s up to any organization providing an online service to ensure the integrity of customer data – including user names and passwords. So what can be done to protect against compromised information and the resulting aftermath? The answer lies in behavior: understanding the behavior of users accessing the Internet.
Heightening Security Intelligence. We are in the midst of a shift in the frame of reference for Internet security. For years the industry has focused on a single event – the login (username/password) – to determine if someone has the right to access applications and assets online. We need to broaden that lens to look at everything a user does while they visit a website: before, during and after login.
Understanding a user's behavior and comparing it to their past behavior or the behavior of the broader population is a powerful technique that can detect attacks, identify when a user's account has been compromised and a whole lot more. Key to security intelligence is the ability of organizations to respond to threats in real time to better protect against cybercrime.
Managing Mobile. With today's rising tide of mobile devices and applications, we now have an always-on meeting place to connect with members, and credit unions are also embracing mobility to simplify the user experience and enable rapid, personalized service at members’ fingertips.
Deep visibility into mobile traffic is critical to protect against any malicious activity that may occur. With visibility into the behavioral patterns on mobile platforms, security practitioners will have the information they need to rapidly identify the threats facing today's Web-enabled platforms.
There are precedents that extend far beyond the Internet that we can learn from, but fundamentally, the fact remains that fraudsters have different online behavior than legitimate customers. For instance, casinos use behavioral analysis to detect card counters. Retail stores use behavioral analysis to detect shoplifters. El Al Airlines uses behavioral analysis to detect suspicious individuals – and this doesn't simply stop at the ID check: the bulk of the employees in Israeli airports are trained to spot behavior that is inconsistent with regular flyers.
So why wouldn’t we analyze behavioral patterns of credit union members on their mobile devices to make sure that no malicious activity is occurring without their knowledge or the credit union’s?
The reality is that passwords will continue to be compromised, accounts will continue to be hacked, and this will likely become more of an issue as web and mobile technology take over.
Monitoring Behavior to Stay Ahead. As recently stated by a renowned investor, "you don't realize you are in the middle of an inflection point until you are past it." We are in the middle of an inflection point right now, where cybercriminals are more innovative than ever before and the security industry needs to take a leap forward by innovating alongside the bad guys in order to keep pace and even surpass their advancements.
If an organization is entrusted with user account information, it needs to take the right steps to make sure that the information really is protected. The best bet is to assume that attackers will get in. How are you going to identify them, and how are you going to stop them from doing any damage once they're in?
Organizations need to be able to monitor behavior to determine if anything is happening on either an individual account or an entire website population that is outside of normal behavior patterns for that person or population.
Cybercriminals are more innovative than ever before, and security teams around the world need to realize that and not only learn to keep pace, but get one step ahead. The future points towards analyzing user behavior to understand customers and stop criminals, and it's time we see more widespread adoption of this approach take root.