This is some text inside of a div block.
Glitch effect
HomeBlog
Are Biometrics the Unsung Hero or the Ultimate Villain in Cybersecurity?
September 15, 2024

Are Biometrics the Unsung Hero or the Ultimate Villain in Cybersecurity?

By:
Team Huntress
|
Contributors:
Glitch effectGlitch effectGlitch effect
Glitch banner

Let's talk about something that's been making waves in everything from passports to smartwatches: biometrics. As of June 2024, 172 out of 195 countries use biometric passports. We’re unlocking our phones and laptops with our faces or fingerprints daily. JP Morgan recently rolled out its “pay by smile” feature — yeah, you heard that right.

Biometric authentication has been hailed as the ultimate security solution, something straight out of the sci-fi playbook. For decades, authors and filmmakers have teased us with systems that recognize us by sight, voice, or fingerprint. Now, it’s here. 

As powerful as biometrics can be, they also come with a flip side: the same tech that is changing the game is also introducing new risks that we can’t afford to overlook.

The Power of Biometrics

On paper, biometrics sounds like the holy grail for both cybersecurity pros and everyday users. It’s nearly impossible to fake or replicate biometric data, which significantly reduces the threat of identity theft. Plus, with multi-factor authentication becoming the norm (think fingerprints and facial recognition together), security systems are tougher than ever—just look at how airports handle border control.

Convenience is another big win. Let's face it, we've all used "password123" at some point. But with biometrics there’s no need to remember complex passwords or keep track of security keys. And any technology that speeds up verification is a clear winner.

More importantly, biometrics tackles one of the weakest links in cybersecurity: human error. With weak passwords and careless security habits opening the door for hackers, biometrics help close that gap by removing the need for users to manage passwords at all.

The Dark Side of Biometric Security: What Could Go Wrong?

But here’s where things get sticky. Just as sci-fi shows us the promise of biometrics, it also shows us how things can go sideways. Remember the joke about needing to chop someone’s finger off to steal their phone? Well, while that would be an extreme scenario, it underscores a bigger issue: the risks biometrics introduce aren’t as far-fetched as we’d like to think.

One of the biggest concerns is that biometric data is still data. It’s just as vulnerable to hacking as any other personal information. A 2023 report from the US Department of Defense flagged a serious “security blind spot” with biometrics—organizations aren’t treating this data with the heightened security it demands.

We’ve all seen the fallout when personal info like phone numbers, social security numbers, or bank details are exposed in data breaches. Now imagine the impact if biometric data—fingerprints, facial scans—were compromised. Unlike a credit card or password, you can’t just reset your face or fingerprint. And this isn’t just hypothetical - we’ve already seen the serious impact of data breaches in healthcare, like the cyberattack on a third-party pharmaceutical vendor linked to health clinics.

Sounds like another sci-fi plot? Think again.

In 2019, more than one million individuals had their biometric data exposed due to poor security on the Biostar 2 system. The breach included data from bank employees and police officers in the UK, which had been stored without encryption. Weeks later, a U.S. Customs and Border Protection subcontractor fell victim to a cyberattack, leading to sensitive traveler data being leaked on the dark web.

Fast forward to this year, and we’ve seen another breach. This time, it was an Australian company, Outabox, whose former employee leaked over a million facial recognition records from bars and nightclubs. That data is now out in the wild.

What the Industry Experts Are Saying

Biometrics may have the potential to be a cybersecurity silver bullet, but the risks are as real as the benefits. To dig deeper, we reached out to some industry experts for their take.

Masha Borak, a technology journalist at BriometricUpdate.com, highlights the risk that comes from the intersection of biometric technology and human rights:

“In a recent brief, Amnesty International highlighted the dangers that biometric systems can pose to human rights. Governments in the US and other countries have been deploying these at their borders. Amnesty International says the creation of permanent biometric records of refugees and migrants poses particular human rights concerns, such as the possibility of sharing asylum seekers’ and refugees’ data with authorities of countries from which they have fled. This could result in more persecution for them or their families.”

“Other dangers include the potential for surveillance, data breaches, restrictions to freedom of movement, discriminatory profiling, and the marginalization of certain groups. There is also the broader danger of function creep, that is, the widening use of a technology or of data beyond its initial purpose, for example, data collection by humanitarian agencies for the purpose of registration and access to services being used for migration control.”

While these human rights concerns remain pressing, other industries, such as banking, are increasingly embracing biometrics for its security advantages and user-friendly approach. Alexey Shalimov, Founder and CEO at Eastern Peak, explains how biometrics are reshaping banking authentication:

“Yes, an increasing number of banking firms and their customers are opting to have audience-driven, time-saving authorization. The good old passwords or codes are more well-known to clients, but they have the shortcomings that biometrics don’t have.” 

“Biometric authentication has shown to be more safe and user-centric than the older methods. The foundation of contemporary safety practices, it provides multiple benefits over the passwords or codes. As cyber hazards grow rampant and client expectations become higher, it combines enhanced security with elevated UX.”

The Final Word on Biometrics and Cybersecurity

Biometrics are here to stay, and while they offer a ton of benefits, they aren’t without their weaknesses. As companies scramble to adopt these systems, it’s crucial that they prioritize securing biometric data the way it deserves. Because while biometrics might close some doors to cybercriminals, they could very well open new ones if mishandled.

If you want to know how your organization can stay ahead of evolving cyber threats, let’s chat. We’ll help you defend your network like a pro.

Get in touch with our experts or learn more about our platform.

Huntress social logo

Call to Action
Blurry glitch effectGlitch effectGlitch effect
Categories
No items found.

See Huntress in action

Our platform combines a suite of powerful managed detection and response tools for endpoints and Microsoft 365 identities, science-backed security awareness training, and the expertise of our 24/7 Security Operations Center (SOC).
Share
Glitch effect

You Might Also Like

No items found.

Sign Up for Blog Updates

Subscribe today and you’ll be the first to know when new content hits the blog.

By submitting this form, you accept our Privacy Policy
Huntress at work
No items found.