THE WAY BIOMETRICS AFFECTS CYBER SECURITY

Advertisements

Spread the love

Post Views: 244

This article is written by Hari Anand Singh Soni of 3ed Semester of Iswar Saran Degree College of University of Allahabad, Prayagraj.

Abstract
In the present world, privacy is a primary necessity for survival, and this generation is ready to pay any price for the protection of their privacy. It is advised that personal information never be uploaded on the internet because often we witness various social networking sites selling their users data to mighty tech giants, thereby enabling these giants to misuse such information the way they desire.
Usually, by collecting user information, they try to predict their users preferences, like:

1. What do users like to do in their free time?
2. What does the user like to wear?
3. What does the user like to eat?
4. Where do users like to visit?
5. What does the user aspire to do in the future?
6. What is the opinion of the user on a particular matter?
7. How much time does the user invest in any application, and what sort of application does the user prefer?
8. Which type of people does the user like to connect with on the internet?
9. What is the perspective of the user about any community, religion, or country?
10. What is the opinion of the user about any Political Party?
A sort of Artificial Intelligence (AI) is created for every user, which is somewhat user-oriented and displays only those posts, apps, and videos that the user likes to visit regularly. In a nutshell, it is an algorithm that is a facsimile of the user’s brain.
Rightly said, in the modern world, ‘Data is the New oil’, and it is way more precious than any other element present in today’s paradigm.
This paper intends to explain how cyber security works, its various dimensions, and its dark side. It also acknowledges how biometrics are rendering cyber security helpless and how biometrics are rendering public privacy vulnerable.
Keywords: Cyber security, various dimensions of cyber security, cyber-attack relation with security, biometric evolution, biometric making life comfortable, and biometric increasing cyber-attack.
Introduction
Cybersecurity is the method of protecting the critical and sensitive information on computers, servers, mobile devices, and electronic systems from unauthorized attacks.
Cybersecurity is also known by the name of information technology (IT) security or electronic information security.
As it is said, with great power come great responsibilities. With technological advancement, the human race has approached a zenith that it never thought of, but with these advancements have come new flaws and new challenges that are making cyber security a prime and pivotal concern. With such advancements, hackers too are developing and are becoming immune to weak cyber security, posing a threat to our cyber ecosystem. So the vaccine for Cyber Security needs to be made mighty in case any virus (a cyber-attack) attacks our Cyber spectrum.
Hackers target the user’s personal information, like
1. Name
2. Address
3. National identification numbers
4. Credit card information
And then sell these records in unauthorized or illegal digital marketplaces. Exposition of such information often leads to a loss of customer trust, the imposition of regulatory fines, and even legal action.
A report by IBM¹ (17th edition) that is based on Cyber security is titled ‘Cost of a Data Breach 2022. ‘A million-dollar race to detect and respond’ gives a deep insight into the monetary value of data breaches in the US and around the world and various tangents of data breaches. According to the report,

1. Organizations using Artificial Intelligence (AI) and automation had a 74-day shorter data breach lifespan and saved an average of US$3 million more than those who didn’t.
2. The United States of America faces the highest cost of a data breach, 5.09 million US dollars more than the global average. This is due to the presence of the biggest tech giants in the world in the US.
The average cost of a Data Breach in the United States of America is 9.44 million US dollars.
The average cost of Data Breaches at the Global level in US Dollars is 4.45 million.
3. Observing Industry Insight, the health care sector witnessed the highest data breach, the cost of data breaches surged by 42% since 2020, and for the 12th consecutive time, the healthcare industry is witnessing the highest average data breach than any other industry.
The average cost of a breach in the healthcare industry is US$10.10 million.
It is conspicuous to infer that the pandemic witnessed a colossal data breach.

4. The share of breaches caused by ransomware surged 41% in the last year (2021) and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by over 430,000 US dollars.
5.45% of breaches occurred in the cloud. Organisations that had a hybrid cloud model encountered lower average data breach costs—USD 3.80 million—as compared to organisations with a public or private cloud model.
The average cost of a data breach in an organisation with private clouds stands at 4.24 million US dollars.
Whereas the Average cost of a data breach in an organisation with a public cloud stands at US$ 5.02 million,
Considering the recent report by CHECK POINT² titled ‘2023 Cyber Security Report’, highlights of the report are
1. Cyberattacks reach an all-time high during geopolitical conflicts, such as the Russia-Ukraine conflict, and regular cyberattacks are witnessed from Russia into European nations.
a) Education and Research institutions experienced the most cyber-attacks.
b) Attacks on the healthcare sector registered a 74% increase year-on-year.
c) Overall, global cyberattacks increased by 38% in 2022 compared to 2021.
2. Cloud-based network: According to this report, there has been a colossal surge in the number of attacks on cloud-based networks, which increased by 48% in 2022 as compared with 2021.
3. Detrimental use of valid tools: To neutralize the effect of advanced cybersecurity tools, hackers use those tools and operating systems that are pre-installed in the user’s system and exploit popular IT management tools that hardly pose the chance of advancing suspicion when detected.
Various Dimensions of Cybersecurity
Strong cybersecurity imbues itself with multiple layers of protection to safeguard itself from regular and complex cyber-attacks whose main aim is to pose a loss to the user or organisations by hacking into the system;
1. Destroying data
2. Fetching out valuable information
3. Disturbing the normal growth of business
4. Hampering innovation
5. Inserting viruses that infest systems with fake information
Such countermeasures are:
1. Critical infrastructure security³: It is a combination of all the national assets, systems, and networks, both tangible and intangible, that play a crucial role in the working of
A nation’s economy
B. national public health or safety
C. national security
These include critical infrastructure like the food sector, agriculture sector, transport sector (land, water, and air), supply of water, internet and communication, and public health. These sectors are needed to be immune to cyberattacks since they are the backbone of working as well as nation-building.
2. Application security⁴: Applications that are connected to the internet are most likely to be the target of hackers. The Open Worldwide Application Security Project (OWASP), which is an organisation that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security, conducted research in 2007 and found that the top 10 web applications are vulnerable to critical security flaws like
. Injection
.Broken authentication
. Misconfiguration
.Cross-site scripting
With application security, these attacks can be stopped, and this also prevents bot attacks and any malicious interaction with applications and APIs.
3. Cloud security⁵: Also known by the name cloud computing security, it is a branch of cyber security that aims to protect cloud-based data, applications, and infrastructure from both internal and external threats to organization security.
A cloud security method includes cyber security solutions, controls, policies, and services that help to protect an organization’s overall cloud deployment, such as applications, data, infrastructure, etc., against attack.
Information security is also known by the name InfoSec. It essentially involves disenabling the chances of unauthorized access to data, or the unlawful use, such as
1. Disclosure,
2. Disruption,
3. Deletion,
4. Corruption,
5. Modification,
6. Inspection,
7. Recording,
8. Devaluation of information
It also engages in actions that intend to reduce the adverse impacts of such incidents. The encrypted information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge). Information security’s primary focus is the balanced protection of data confidentiality, integrity, and availability while focusing on efficient policy implementation, all without disturbing organizational productivity. [7] This is by and large achieved through a streamlined risk management process that involves:
• Identification of information and related assets, as well as potential threats, vulnerabilities, and impacts;
• Calculation of the risks
• Decision on how to address the rise, i.e., to avoid them, accept them, or share them
• Where there are chances of risk mitigation, relevant measures of security control are taken and such measures are implemented.
• Doctoring the work and making relevant changes as required for resolving any issue

4. End-user education: It is the primary step towards safeguarding the system from cyber-attacks. Users shall be educated not to connect any anonymous links in their system and not to insert any hardware that can probably cause a risk to the system. Users shall be educated to delete anonymous email attachments, not plug in any unidentified USB drives, and several other lessons that may protect the users from cyber hacks.

Biometrics and Cybersecurity

The traditional manner of security like passwords seems ineffective because several instances occurred wherein these could be hacked easily and predicted more since users tend to keep easy passwords to not forget. Witnessing the ineffectiveness of the password paradigm, biometric security came as a boon to all the problems and glitches that earlier systems of security possessed. This system of biometric security is adopted by many organisations and individuals as the preferred way to safeguard their cyberspace from threat possessors. Two technologies in biometric security have become mainstream:
1. Facial recognition
2. Fingerprint scanning

Every day the headline of a newspaper reads about data breaches, and small to giant organisations all suffered from this problem. As time passed, the organisations realized one principle: incumbents always need strong anti-incumbency, so they went from password systems to biometric authentication solutions, thereby saving their time, data, and money.

The industry of biometric security is growing at a rapid pace since this system has been incorporated into our daily lives. An estimate claims that the industry could be worth over $68 billion in just five years; that’s a little over £50 billion.
While there are benefits to biometrics, it’s important to weigh up every possibility.

Edge of Biometric Security⁶
Accessibility: The system of biometrics is easy to handle and operate; there’s no resetting of passwords. Once this system is implemented, it is activated on the chosen system and device.
Spoofing: The data of biometrics is safe and hard to steal or replicate; hackers find it quite difficult to crack the system protected by biometrics, and most hackers tend to avoid putting efforts into cracking the system protected by biometrics.

Deficiencies in Biometrics
Costs are extensive. As it is said, it’s not easy to tame the white elephant, the technology, and it’s hard for every organisation to employ such a system of security. This is the foremost reason why companies tend not to shift to biometric authentication.
Data Breach: Though it is difficult for hackers to replicate biometric data, this isn’t impossible for them. If a person’s password is compromised, he has the option of resetting his password, but there is no option of resetting biometrics because everyone’s identity is unique and can’t be changed.
Tracking: The whole concept of cyber security is based on the spectrum of privacy, and it’s obvious that privacy needs to be taken into consideration while implementing systems such as facial recognition, where a sensor detects the face (especially the cornea of the eyes), and when these biometrics are converted into data and stored, particularly in regions that have enough surveillance arrangements, users are always at risk of leaving a permanent digital record that could be tracked or stolen by threat actors. Governments of nations and organisations can use this data to get full information about their citizens, thus violating their privacy.

Alteration of appearance: Though this factor doesn’t sound that significant, it involves a lot of weight. When there is an injury to a figure and the biometric does not recognise the fingerprint then such circumstances could lead to lots of issues, what if someone meets an accident there is a colossal change in his facial structure and the biometric denies identifying the user’s face?? It is a well-known fact that technology is nothing but an invention of humans. If these circumstances occur and a biometric is unable to recognise a face, then how would the user be able to access his bank account or his cell phone? If his house door has such a system of biometrics, how would he be able to go inside? A physical change is something to consider when developing secure authentication. If biometric authentication were the only method in use, users could experience difficulties.
Conclusion
Biometrics is an efficient method for easing the lives of the public; it enhances their work, and they don’t have to bother about remembering their long and complex passwords; all they need to do is save their fingerprints and facial structure. With the changing technology, this system of security also needs to be improved because Biometrics is the future, and the future is biometric.

References