Biometric data obtained from selfies, fake passports and cyberattacks on data stores containing everything from fingerprints to DNA have long been top sellers on the dark web. Untraceable but very powerful in allowing attackers to access the most valuable information the victim possesses, attackers race to fine-tune their trading skills, resulting in artificial cognitive fraud for more sophisticated attacks.
However, current methods for protecting biometric data are insufficient. “Biometric authentication offers unique advantages over other credential-based methods, but concerns about new attacks and privacy pose a barrier to its adoption,” according to Gartner. Their recent study on biometric authentication notes that “concerns are growing about AI-powered deepfake attacks that could undermine biometric authentication or render it worthless.”
Last year, at his company's Zenith Live 2023 event, Zscaler CEO Jay Chaudhary told the audience that an attacker had created and launched a deepfake of his voice to extort money from the company's operations in India. VentureBeat has learned of more than a dozen cases of deepfake and biometrics-based hacking attempts against leading cybersecurity companies over the past year. They have become so prevalent that the Department of Homeland Security offers a guide on how to counter them, titled “The Growing Threats of Deep Fake Identities.” All forms of biometric data are already top sellers on the dark web. 2024 is expected to bring more biometric-based attacks targeting corporate leaders.
Why do attackers focus on senior executives first?
Nearly one in three CEOs and members of senior management have fallen victim to phishing scams, either by clicking on the same link or sending money.
C-level executives are prime targets for fake biometric and deep-deep attacks because they are four times more likely to become victims of phishing than other employees, according to Ivanti's 2023 State of Security Preparedness report. Ivanti found that phishing is the latest digital epidemic to attack the C-suite of thousands of companies.
“In 2024, there will be an increasing demand for more stringent standards focused on security, privacy, and device interaction, making our society more interconnected. Expectations of connectivity everywhere, on any device, will increase. Ivanti’s chief product officer, Srinivas Mukamala, told VentureBeat. “Organizations need to make sure they have the right infrastructure in place to enable this ubiquitous connectivity that employees have come to expect,” he said in a recent interview.
The goal: improve biometrics to secure a world of zero trust
Srivastava, “When we founded Badge, our mission was to solve one of the hardest problems in authentication by shifting the anchor of trust for digital identities to humans rather than relying on devices that could be lost or stolen,” Badge co-founder told VentureBeat during a recent interview. .
“After I lost my identity in a hack, we went back to basics. We relied on math to solve the problem and used cryptography to build a user-centric solution that lets people have their own roots of trust, rather than their devices or tokens,” she explained. “With Badge, you are your token.” “Distinguished.”
In response to the growing need for improved biometric security globally, Badge Inc. announced Recently announced the availability of patented authentication technology that makes personal identification information (PII) and biometric credential storage obsolete. Badge also announced its alliance with Okta, the latest in a series of partnerships aimed at enhancing identity and access management (IAM) for its enterprise customers.
Srivastava explained how her company's approach to biometrics eliminates the need for passwords, device redirects, and knowledge-based authentication (KBA). Badge supports one-time enrollment and authentication for any device workflow that scales across multiple threat surfaces and devices in an organization. Srivastava says her company's unique approach to biometric authentication can prove that the same human signing up is the same human authenticating to use a particular resource or device. “So what we figured out at Badge is how to share your identity across devices without storing any secrets anywhere,” she said.
What makes Badge's approach noteworthy is how it enforces the core elements of zero trust while protecting personally identifiable information, including all forms of biometric data, from attacks. The core of the platform is to preserve privacy for every app on any device without storing user secrets or personally identifiable information. Patented Badge technology allows users to quickly extract private keys using their biometrics and selection factors without the need for hardware codes or secrets. Today, Badge has clients across a wide range of industries, including banking, healthcare, retail and services.
How the badge helps promote low trust
Srivastava explained how important Badge technology is to distrust during a recent interview with VentureBeat. She explained how Badge reduces data access by not storing user secrets or personally identifiable information (PII), reducing the impact of the potential hack it supports and promoting least privileged access.
What's also clear from Badge's approach to biometric security is how strong its capabilities are in enhancing multi-factor authentication (MFA). Users can authenticate using unique factors, including biometrics, without hardware codes or secrets, Srivastava explains. Badge is also expanding to enterprises through its partnerships, adding greater value to Zero Trust frameworks. Their recent announcements with Okta and Auth0 underscore Badge's growing importance as part of broader IAM platforms and technology stacks.
Srivastava also told that VentureBeat Badge operates on a zero-knowledge encryption basis, does not trust any party with sensitive data, and provides quantum resistance for future security. This positions Badge technology as a strong contributor to any organization's Zero Trust architecture. “Badge has compelling technology to address both consumer and enterprise use cases,” said Jeremy Grant, former senior executive advisor at the National Institute of Standards and Technology (NIST).
VentureBeat's mission It is to be a digital town square for technical decision makers to gain knowledge about transformational and transactional enterprise technology. Discover our summaries.
