Cybersecurity is not a recent concern for American consumers; it has been a leading preoccupation for both businesses and individuals for years. As our society grows more reliant on complex data systems, cloud computing, and personal Internet-capable devices, our personal information is more important—and more vulnerable—than ever before.
In the wake of memorable data breaches, like Target’s customer information leak back in 2014 and the now-infamous exposure of millions of Ashley Madison users, consumers are increasingly paranoid about the potential ramifications of a network infiltration, and what defensive measures can and should be taken.
How Data Breaches Occur
The blanket term “hack” isn’t always an accurate way to describe how digital criminal infiltrate these organizations and get their hands on personal data. It’s true that sometimes, skilled programmers and computer technicians can find vulnerabilities in corporate firewalls, exploit weaknesses in system code, and pry their way into databases to retrieve this personal data. It’s a strategy much more nefarious than any link building scheme. However, it’s more common for these thieves to prey on weaknesses on a human level—for example, if one employee sets an easy-to-guess password for internal system access, that’s all it takes for an observant third party to break in. There are also reported instances of company employees selling this type of information to cyber criminals.
Defense Reinforcement and the Second Wall
Most conventional forms of increased cybersecurity deal with a “first wall”—that first instance of defense, which cybercriminals breach in order to gain personal information. For example, companies may invest in smarter, more sophisticated firewalls that make it more difficult for hackers to penetrate. Or, they may invest in employee awareness campaigns designed to prevent employees from falling victim to phishing scams or improper security procedures.
This line of defense is somewhat effective, but only as a temporary measure. Cybercriminals advance just as quickly as any form of modern technology, and no matter how much you train your employees, there will always be potential leaks.
What most people forget is that there’s a “second wall” preventing criminals from engaging in fraudulent activity. For example, let’s say a massive consumer retailer is hacked by a computer technician, who is able to retrieve the usernames, passwords, and credit card information of thousands of users. The technician can sell this information to petty thieves, who can then use this credit card information to make fraudulent purchases. Until this moment, no real damage is done.
If this “second wall” exists between the thief and an actual purchase, reinforcing that second wall can prevent any fraudulent activity, even in cases where data is accidentally leaked or purposefully stolen.
The Key to Reinforcing the Second Wall
Here, the key to security comes down to proper identification. Think about futuristic depictions of high-tech security in pop culture; in order to access a certain room of a facility, a person must enter a series of passwords, scan his/her optic nerve, and undergo a fingerprint scan in order to verify his/her identity on multiple levels. It isn’t enough to know a password or a person’s name.
This is the kind of security needed for the future of cybersecurity—not literal fingerprints (at least not yet), but some form of verifiable personal identification that can’t be easily stolen by cybercriminals. If enough e-commerce platforms can lock down criminals from making fraudulent purchases, the entire problem of cybersecurity goes away.
Some companies are already making moves to pursue this “second wall” enforcement, though not in exactly these terms. For example, BioCatch is a new system that collects and analyzes different patterns of user behavior, from the speed at which they type to the force at which they tap their screen. Using sophisticated algorithms and artificial intelligence, this system can create a profile for each user’s unique set of online behaviors, and recognize when a user engages in behavior that falls outside this set. For example, if a petty thief clicks too fast or doesn’t scroll the way the user in question does, the system would trigger a red flag, and purchases could be put on a temporary lock.
Of course, this technology is years away from being fully rolled out to e-commerce platforms and major retailers, but it represents a crucial new step in the development of cybersecurity measures. By implementing new systems of proper, unfalsifiable personal identifications, data breaches become far less valuable to cybercriminals, and petty thieves have nothing to do with any data they may acquire. In combination with “first wall” reinforcements like better firewalls, eventually, cybercrime may be a thing of the past.