Threats to biometric data
The FBI launched a Cyber Most Wanted list in 2014, which featured 42 people and groups in 2018, when Park Jin Hyok topped the list. His achievements included hacking into banks, attempting to steal one billion dollars and attacking Sony Pictures Entertainment. Now that biometric data is becoming more widespread, cyber attacks could get very personal.
As biometric technology develops and becomes more accepted, more companies are using biometrics, rather than passwords, keys, cards or codes, to allow access areas to of their buildings. Biometric data is difficult to fake, making it more secure than traditional methods. However, once biometric data has been compromised, you cannot make the system secure again, so safeguarding data is vital to security, as well as to staff. There have been serious threats to biometric data that have highlighted the importance of protecting it.
Your finger on the pulse
More than one million fingerprints and other sensitive data were exposed by the biometric security firm Biostar 2 and made available online. According to BBC News, the data was left unsecured for eight days while the issue was fixed and an unknown number of days prior to its discovery. This news may have panicked companies, such as The World Bank and easyJet, which use fingerprint biometric data within their businesses. During the leak, 23 gigabytes of data, containing nearly 30 million records, such as facial recognition data and passwords were compromised.
This story highlighted that, despite the obvious benefits of fingerprint scanners, such as increased security and time and cost savings, the risks surrounding biometric data should be fully understood by those implementing and storing it.
Putting a face to the name
Fingerprint scanners are not the only form of biometric data being implemented by businesses; facial recognition is also increasing in popularity and is expected to grow to a $7.7 billion industry by 2022, according to Norton. Tesco is trialing facial recognition at its self-checkout tills to see if customers buying alcohol appear over 18 years old, saving time for employees checking identification. Tesco is also testing facial recognition at petrol pumps, allowing it to target advertising based on the customer’s age and gender, making its marketing placements more effective and tailored.
Facial recognition is also used in the 67 acres that surround Kings Cross Station and the Information Commissioner’s Office is set to inspect the facial recognition technology to check that it does not break data protection laws for the public. Manufacturers may also want to turn to facial recognition to enable access on their premises to secure their site. During the process, manufacturers should ensure that they do not infringe on privacy laws and that their systems are encrypted, to maintain the security of their employee’s biometric data.
One method used to specifically target biometric data is viruses. Eurofins Scientific, who deals with more than 70,000 criminal cases for the UK each year, including cases for the British Police, was targeted by a highly sophisticated ransomware virus. Eurofins carries out DNA testing, as well as computer forensics, toxicology analysis and firearms testing.
This is concerning as leaked DNA can cause personal data, such as the person’s medical history, to be compromised. However, this is less worrying in an industrial setting, as DNA testing would be expensive and far too slow in an emergency.
Manufacturers using biometric technology should protect their systems from hackers, like those on the FBI’s most wanted list, by combining biometrics with another form of security. Biometric authentication, such as facial recognition and fingerprint scanners are not entirely immune to attack and therefore cannot be solely relied on to verify people.
Another solution is blockchain technology, which stores data in a distributed ledger, protected by cryptography in multiple computers globally, only allowing authorised parties to access the data, securing biometric data effectively and safely. This has the added benefit of protecting employee’s personal data.
Biometric data is on the rise and businesses must be wary of the risks, as well as the rewards.