The tendency for people to be creatures of habit is being put to good use in the cybersecurity industry, thanks to new identification software that uses typical login times and locations, keystroke dynamics and in-app behaviour to verify if someone is who they say they are.
It's one of a series of innovations being developed by European businesses who are keen to claim their share of a growing cybersecurity market.
Czech-based cybersecurity firm ThreatMark has been developing advanced fraud-detection systems to protect digital transactions using machine learning and tailored algorithms to spot advanced threats and unusual behaviour.
It collects information from our computer and mobile phone to learn typical behaviour based on the devices we use, such as login times and locations, keystroke dynamics and movement characteristics. It also analyses where on the screen we usually click on the login buttons, how we interact when providing input and how we typically behave within our applications.
‘Combining this information with other data, perhaps your heart rate from a smart watch, for example, and location data for your other devices, it could be possible in the near future to authenticate you even without using a password,’ said the firm's chief executive Michal Tresner.
Integrating this approach with ThreatMark’s complex fraud prevention and detection software can expose anomalies in real time, triggering firewalls or rapidly blocking suspicious users or transactions.
The company has several patents in the works and its monitoring system has won interest from several European banks, with more expected to sign up this year.
The threat from cybercriminals shows no sign of abating, opening up opportunities for European companies to develop new tools to fight against threats – and win a greater share of one of the fastest growing markets in the IT sector. Analysts predict that global spending in cybersecurity will be well over EUR 100 billion a year by 2021.
According to a 2016 report by the European Cybersecurity Industry Leaders (ECIL), the EU is the most trusted area in the world when it comes to data security and privacy, giving the region a competitive advantage.
But success is not a given. The cybersecurity industry in Europe, which currently accounts for about a quarter of the global market, is growing by around 6 % a year compared to growth of 8 % for the market as a whole.
One of the aims of the European Cyber Security Organisation (ECSO) – the association implementing a cybersecurity public-private partnership set up by the EU in 2016 – is to create connections between industry players, national public authorities and users of cybersecurity solutions to identify priorities and increase collaboration in research and innovation.
That connection – particularly between providers and end-users – is crucial if Europe is to grow the industry and take its right place in the market, says Tresner. He sees scope for business-to-business platforms or events to introduce small- and medium-sized firms like ThreatMark to potential clients.
‘The possibility to match customers with the supplier is the most important thing we see for boosting the industry,’ Tresner said. ‘This is even more valuable than money.’ ‘Technical experts in cybersecurity are very hard to come by.’ Robert Gupta, Secon Cyber Security, UK
‘Technical experts in cybersecurity are very hard to come by.’
Robert Gupta, Secon Cyber Security, UK
Dr Volker Scheidemann of German cybersecurity company Applied Security (apsec), says the industry must also encourage the use of cybersecurity tools as an integral part of computer systems. While most banks, big companies and public authorities are aware of the need for cybersecurity, many other businesses do not give it priority.
‘It should be like a car safety belt – an essential part of a modern vehicle, rather than an add-on,’ he said.
EU funding has helped apsec and its Swedish partners, foreseeti, to develop a security system called CyberWiz, where users set up a model IT network and carry out various kinds of simulated attacks. That gives a picture of the whole network, exposes weak points and can trace knock-on effects.
CyberWiz also estimates how long the network can withstand a sustained attack without being critically damaged.
It is especially useful for analysing complex arrangements such as critical infrastructure and has already been used for this by municipal authorities in Aschaffenburg, Germany.
Scheidemann said he believes such tools will become standard in the next few years.
‘This brings a new, engineering-type approach to IT security,’ he said, adding: ‘The days of trying to analyse such complex systems manually is over.’
In a fast-changing industry, making sure people have the right skills for employment in the cybersecurity industry is also key to market growth.
Robert Gupta, chief executive of Secon Cyber Security, UK, says this is especially important in the small- and medium-sized sector.
‘In general, there is a lack of the right skills and when you are recruiting, technical experts in cybersecurity are very hard to come by,’ he said.
Secon’s ConnectProtect project, supported by EU funding, showed how a remote incident-response platform could help small- and medium-sized businesses to combat attacks and security threats – at a more reasonable cost.
‘Many large businesses are able to take care of their own IT security, or can afford to outsource these tasks to the big providers, but the cost is often beyond the budget of smaller or medium-sized firms,’ Gupta said.
Through such a system and economies of scale for cybersecurity software licences, he sees the total cost of security coming down dramatically for small businesses – perhaps by as much as 75 % per member of staff.
‘The system can also provide an incident response remotely, so the customer will have minimal notification. Perhaps if there is an attack it will be fixed before the customer is even aware of it,’ Gupta said.
In order to better equip Europe against cyber attacks and strengthen the cybersecurity sector’s competitiveness, the EU is investing EUR 450 million in a public-private partnership on cybersecurity.
This funding is expected to trigger EUR 1.8 billion of private investment by 2020.
The EU is also looking into setting up pan-European certification for cybersecurity products so they don’t have to be approved separately in different Member States.
If you liked this article, please consider sharing it on social media.
The big data explosion, which allows scientists to analyse factors such as people’s lifestyles, genes and medical records to develop personalised treatments for conditions, has so far mostly benefitted rare diseases with simple causes. But now, complex problems such as cardiovascular disease and dementia are getting the big data treatment.
An analysis of a newly cleaned-up dataset tracking Europe’s air pollution has revealed that nitrogen dioxide levels are on a steeper downward trend than previously thought, according to Dr Folkert Boersma from the Royal Netherlands Meteorological Institute, who says that ensuring the quality of Earth observation data can reveal new insights into climate change.
Earthworms and tiny water fleas could help deliver clean water to billions of people living in remote areas of the world by eating up sewage and other pollution.
A sister and brother who created shock-activated protective gear featuring a starch liquid for people who in-line skate, motorcycle and do other risky sports, won one of the three first prizes at this year’s European Union Contest for Young Scientists (EUCYS).
Biofilters offer in-situ low-maintenance ways of treating wastewater.
Winners from Germany and Canada take home top prizes.
Electric cars with liquid batteries could be charged in minutes, says Prof. Cronin.