A lesson in cyber security from the death of the iPhone’s home button
What can companies learn from Apple’s decision to do away with its home button on the iPhone? Incorporate biometrics as a cyber security solution
As expected, Apple recently introduced a handful of new features with the launch of the iPhone Xs, Xs Max, and Xr. Alongside fancy Liquid Retina and Super Retina screens and a speedier A12 Bionic processor, the trio of new iPhones interestingly dropped one of the iPhone’s iconic fixtures, the home button.
The absence of the home button underscores Apple’s move to focus instead on its biometric authentication feature, Face ID.
It is interesting to note that while biometrics incorporated into the Internet of Things is becoming more commonplace, the same cannot be said for biometrics being integrated as a cybersecurity solution for enterprises.
According to Palo Alto Networks’ State of Cybersecurity in Asia Pacific Report, biometrics is in fact one of the least popular solutions among organisations, alongside solutions such as two-factor authentication and anti-ransomware solutions.
Organisations say they find it challenging to keep up with evolving cyber security solutions despite having increased cyber security budgets.
Yet the sophistication of techniques that cyber criminals employ today has made it easier to steal usernames and passwords, which they can then test on thousands of different sites.
There is a need for organisations and employees alike to strengthen their cyber security posture – passwords can no longer be the sole tool used for credentials and authentication, as this greatly increases the risk of identity theft and/or a significant data breach.
One of the ways in which cyber security can be strengthened is by enhancing identity proofing and authentication solutions, and this means going beyond traditional authentication methods such as usernames and passwords.
Adopting two-factor or, better still, multi-factor authentication will greatly lessen the risk of credential-based attacks.
Such authentication methods can be thought of as three levels: something you know, something you are, and something you have.
Passwords, in this case, fall into the category of something you know, though it is worth noting that time and care should still be taken to manage passwords properly and to not keep using the same word and character patterns over and over again.
Taking a leaf out of Apple’s book, organisations should look into incorporating biometrics into their cyber security solutions in the category of “something you are”.
While the combination of these security measures may not create the ultimate perfect solution, biometric authentication is generally an improvement over an approach that relies only on usernames and passwords.
The level of security is also much higher when biometrics is one of the authentication technologies, as the risk of a biometric scan being spoofed is much lower than that of a password or a token.
Biometrics may be costlier than other forms of cyber security solutions, but this investment can go a long way in adding another layer of protection for organisations.
Its adoption should also be based on circumstances – while a simple login could suffice for simple transactions, multi-factor authentication including biometrics might be required for certain actions, such as approvals for large financial transactions.
Biometrics is already being used in so many verticals and will be the new normal way that we interact with our phones moving forward.
There is no escaping that with time, biometrics will become even more mainstream and will be a part of everything we do.
Of course, as with all cybersecurity solutions, biometrics also brings with it some caveats and new risks.
These include privacy concerns, as Personally Identifiable Information is involved.
There might be concerns around how these data are being collected, shared and secured, as these data can also be a target for cyber criminals.
As biometric technologies depend on probabilities and confidence scores, there are also risks that the systems can be spoofed by, say, a photo. Therefore, it is always best for biometrics to work in conjunction with other security measures.
This is where “something you have”, such as a security token, can be part of the authentication process.
This can be used as an additional safety measure, particularly for employees who have access to sensitive company data.
A prevention-first approach to cyber security reduces the threat of vital information being stolen, which is especially important at a time when an increasing amount of crucial information is being stored online.
ABOUT THE AUTHOR:
Vicky Ray is principal researcher at Unit 42 Palo Alto Networks, an American multinational cyber security company. Unit 42 is the firm’s threat intelligence unit.