Co-Authored by Fabio Hashimoto, Logicalis
Insider threats—such as credential theft, criminal insiders, or even negligent employees—are growing dramatically and represent enormous risks for all companies. This is true around the world, as low-skilled, untrained workforces become especially vulnerable to cybercriminals, putting company assets at risk. Enabling remote access to a virtual workforce, for example, can create easy targets for cyber-attack.
In response, a Latin America-based team from Cisco Global Gold Certified Partner Logicalis took on the challenge of combining its security expertise and artificial intelligence skills with Cisco DevNet APIs and security technologies. The objective was to create a compelling solution to prevent insider threats. The result? The building of an offer Logicalis calls R42 Biometrics, a unique biometric solution for secure remote user authentication. This offer was so compelling that Brazil’s largest private bank, healthcare groups, and even telcos are engaged in R42 Biometrics pilots. R42—integrated with Cisco AnyConnect, ISE, and DUO—shows great promise in helping customers drastically reduce threat vectors and protect their businesses from data theft, fraud, and espionage.
The high cost of insider security incidents
According to research conducted independently by the Ponemon Institute and published in its “2020 Cost of Insider Threats Global Report,” insider-related incidents have grown 47 percent in the past two years. And 66 percent of companies experience more than 30 security incidents per year, 40 percent related to criminal activities. (See Figure 1.) By surveying 964 IT professionals from 204 large organizations, Ponemon discovered the overall cost of these incidents has reached US$2.8 million annually on average. Criminal insider acts, especially user credential thefts, are the most expensive, averaging US$755,000 and US$871,000 each.
In countries such as Brazil, for example, hacker activity is one of the highest globally, and criminal organizations operate relatively freely. And with degraded economic conditions, high employee turnover, and inadequate workforce training, security threats to enterprises are ever-expanding. In the report, researchers urge companies to take action.
Home offices are an especially difficult use case for IT to securely manage. Traditional authentication techniques such as hardened passwords and hardware tokens have proven ineffective, because they can easily be stolen or even sold by employees to criminals.
A more modern solution is to use the type of identity proof that is hardest to steal: your biometric information and, more precisely, your facial ID.
Using biometrics to authenticate workforce access
In 2018, only five percent of companies relied on biometric authentication for workforce access, according to Gartner. (This number is estimated to reach 70 percent by 2022.)
And according to Grand View Research, facial recognition technology—arguably the most reliable biometric method—already comprises a US$3.9 billion market, projected to grow 14.5 percent per year from 2020 to 2027 (as shown in Figure 2).
Facial recognition, paired with liveness detection technology, can be a powerful tool for any authentication workflow. However, most methods used today can be ineffective in use cases such as the remote workforce scenario. Existing techniques rely on hardware resources embedded in high-end mobile devices, which are used much less frequently globally, especially in Latin American companies. That’s where R42 Biometrics’ unique value comes to the forefront.
R42 Biometrics changes the game
Logicalis’ unique approach to biometric security comes from the combination of facial recognition and liveness detection technologies. We use cloud-scale technologies from our partners Microsoft, Amazon, and Saffe Payments (as shown in Figure 3), resulting in accurate and reliable validation.
The beauty of this approach lies in its simplicity. R42 Biometrics is a lightweight mobile app that can be installed on smartphones—which all employees own—that feature a frontal (“selfie”) camera.
The authentication process is quite simple for end-users: scanning an on-demand QR code and taking a selfie. There is no need to perform tasks such as blinking or moving. We use a combination of cloud-based facial recognition technologies with a deep learning neural network trained to evaluate the image’s visual characteristics. Based on the accuracy of artificial intelligence from multiple systems, we generate a score for the transaction. We then use a threshold score for the back-end application to confirm the legitimacy of the user access. This process can be fine-tuned by the administrator and also evolved by integrating mobile phone information with location-based systems—allowing advanced posture and resource controls in the enterprise.
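The scoring and threshold step described above can be sketched as follows. This is an added example, not Logicalis or R42 code: the engine names, weights, threshold, liveness floor and QR lifetime are constructed assumptions, and the choice to gate on liveness separately and to deny on any missing input is this example's design, not something the article states.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    # Administrator-tunable values (all constructed for this example).
    weights: dict                  # engine name -> weight in the fused score
    threshold: float = 0.85        # minimum fused score to allow access
    liveness_floor: float = 0.70   # liveness must pass on its own
    qr_ttl_s: int = 60             # lifetime of an on-demand QR challenge

class ChallengeStore:
    """Tracks on-demand QR challenges so each is short-lived and single-use."""
    def __init__(self):
        self._issued = {}
    def issue(self, nonce, now=None):
        self._issued[nonce] = time.time() if now is None else now
    def consume(self, nonce, ttl_s, now=None):
        issued = self._issued.pop(nonce, None)  # pop: a replayed nonce is unknown
        now = time.time() if now is None else now
        return issued is not None and 0 <= now - issued <= ttl_s

def decide(policy, store, nonce, match_scores, liveness, now=None):
    """Return (allowed, fused_score, reason). Every error path denies."""
    if not store.consume(nonce, policy.qr_ttl_s, now):
        return False, 0.0, "challenge expired, unknown or replayed"
    missing = set(policy.weights) - set(match_scores)
    if missing:  # an engine outage must not lower the bar
        return False, 0.0, "missing engine: " + ",".join(sorted(missing))
    values = [liveness, *(match_scores[e] for e in policy.weights)]
    if any(not (0.0 <= v <= 1.0) for v in values):  # also rejects NaN
        return False, 0.0, "score out of range"
    if liveness < policy.liveness_floor:
        # Gate instead of averaging: a strong face match on a photo must not
        # compensate for a failed liveness check.
        return False, 0.0, "liveness below floor"
    total = sum(policy.weights.values())
    fused = sum(policy.weights[e] * match_scores[e] for e in policy.weights) / total
    if fused < policy.threshold:
        return False, fused, "fused score below threshold"
    return True, fused, "ok"
```

Raising `threshold` or `liveness_floor` trades more false rejections for fewer false accepts, which is the tuning decision the administrator makes.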
Cisco technologies give R42 Biometrics an added security edge
R42 Biometrics is natively integrated with Cisco security technologies—AnyConnect, ASA, and ISE—through APIs (as shown in Figure 4), providing a seamless and secure end-user experience. Integration with Cisco DUO as an optional layer of authentication is also available. We have created a universal authentication solution for remote work, VPN, virtual desktop, enterprise, and cloud applications.