Technology evolves every day, and so does the number of cyberattacks. Every day, systems and databases are hit by identity theft, data breaches, online fraud and hacking attempts. In this environment, businesses are quickly realising that simple password-based security will not suffice when providing secure data access to partners, customers and employees.
Risk-based authentication (RBA), also known as adaptive authentication, is a security process that applies different levels of identification and authentication depending on the risk profile of the party requesting access. RBA helps verify that the user asking for access is who they claim to be.
As the risk of data compromise increases, the authentication process becomes more restrictive and extensive. The top priority of risk-based authentication is to minimise friction for the user while they access data; at the same time, it enforces stronger authentication whenever the context warrants it. Common factors in assessing risk include location, the status of the device's antivirus software and the user's IP address. A risk score quantifies the risk associated with a particular user accessing particular data, and the resulting risk level determines how much additional verification an attempted login must pass before it is treated as genuine.
How are Risk Scores Calculated?
A risk score is the leading RBA metric for determining a user's risk level. The organisation sets score thresholds based on its data protection policies; comparing each login's score against those thresholds determines the authentication method most appropriate for that specific attempt.
Several factors contribute to the calculation of an individual's risk score:
- Login device: Is the device attempting to log in a known or registered device? Does it offer biometrics that can be used for verification?
- IP reputation: Is the IP address known to be reputable, or is it associated with malicious activity (for example, an anonymising proxy or a known botnet)?
- User identity details: Do the details the user presents match the data in the user store or directory?
- Geolocation: Is the user's current location plausible, or is it known to be risky? Are there entire regions that must be prevented from accessing your data? Should access be granted only from specific facilities or sites?
- Geo-velocity: Are the login time and location consistent with the user's previous login? If a user logs in from Bangalore at 11 am, a login from Delhi at 11:30 am cannot be the same person: the distance cannot be covered in 30 minutes, so the second attempt is flagged as impossible travel.
Other factors that risk scores can and should include are:
- Personal characteristics: These include the user's tenure with the company, their role in the hierarchy, their history of certifications and security incidents, and their granted entitlements. For instance, if a user fails the organisation's internal security exam or falls for a phishing simulation, two-factor authentication becomes mandatory for them.
- Data or app sensitivity: How sensitive or critical is the data being accessed? Should some systems demand a third level of authentication for specific users? For instance, interns should not get access to the financial database for any reason.
- The number of attempts: Repeated failed attempts to access an account should lock it until the user contacts the support team.
A risk score must combine several individual, system and contextual factors. An attacker who has defeated a single authentication factor (a password, say) should still be stopped by the others.
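The following is an added example, not code from the article or from any RBA product, of how the factors listed above can be combined into a score and a level. Every weight, threshold, country code and sample event is hypothetical; the geo-velocity check uses the Bangalore/Delhi case from the text and a haversine distance against a maximum plausible speed.

```python
# Risk-score calculation for a login attempt.  Added example, not from the
# article: weights, thresholds and the sample events are all hypothetical.
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Optional, Set, Tuple

# Points added per signal (hypothetical; a real deployment tunes these).
WEIGHTS = {
    "unknown_device": 30,
    "bad_ip_reputation": 40,
    "directory_mismatch": 50,
    "blocked_country": 60,
    "impossible_travel": 70,
    "phishing_test_failed": 15,
    "sensitive_resource": 25,
    "failed_attempt": 10,          # per failed attempt in the current window
}
BLOCKED_COUNTRIES = {"ZZ"}          # placeholder code, not a real country
MAX_PLAUSIBLE_SPEED_KMH = 900.0     # faster than an airliner counts as impossible travel
THRESHOLDS = (("high", 70), ("medium", 30))   # score >= value -> level; otherwise "low"

@dataclass
class Login:
    user: str
    device_id: str
    ip_reputation: str          # "good" or "bad", e.g. from a threat-intel feed
    country: str
    lat: float
    lon: float
    when: datetime
    directory_match: bool       # presented identity details match the user store
    failed_attempts: int        # failed attempts immediately preceding this one
    resource_sensitivity: str   # "low" or "high"

@dataclass
class UserProfile:
    known_devices: Set[str]
    last_login: Optional[Login] = None
    phishing_test_failed: bool = False

def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(prev: Login, cur: Login) -> bool:
    """Geo-velocity check: would the user have had to move faster than MAX_PLAUSIBLE_SPEED_KMH?"""
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    distance = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if hours <= 0:
        return distance > 0           # same instant, different place
    return distance / hours > MAX_PLAUSIBLE_SPEED_KMH

def risk_score(login: Login, profile: UserProfile) -> Tuple[int, List[str]]:
    """Sum the weights of every signal present; the signal list is kept for audit logging."""
    signals = []
    if login.device_id not in profile.known_devices:
        signals.append("unknown_device")
    if login.ip_reputation == "bad":
        signals.append("bad_ip_reputation")
    if not login.directory_match:
        signals.append("directory_mismatch")
    if login.country in BLOCKED_COUNTRIES:
        signals.append("blocked_country")
    if profile.last_login is not None and impossible_travel(profile.last_login, login):
        signals.append("impossible_travel")
    if profile.phishing_test_failed:
        signals.append("phishing_test_failed")
    if login.resource_sensitivity == "high":
        signals.append("sensitive_resource")
    signals += ["failed_attempt"] * login.failed_attempts
    return sum(WEIGHTS[s] for s in signals), signals

def risk_level(score: int) -> str:
    """Map a score onto the policy thresholds."""
    for level, minimum in THRESHOLDS:
        if score >= minimum:
            return level
    return "low"

def evaluate(login: Login, profile: UserProfile) -> Dict[str, object]:
    score, signals = risk_score(login, profile)
    return {"score": score, "level": risk_level(score), "signals": signals}

def demo() -> Dict[str, Dict[str, object]]:
    """Constructed scenarios (not real events) for one user whose last login was Bangalore, 11:00."""
    t0 = datetime(2024, 1, 15, 11, 0)
    blr = (12.97, 77.59)   # Bangalore
    dli = (28.61, 77.21)   # Delhi
    prev = Login("asha", "laptop-1", "good", "IN", *blr, t0, True, 0, "low")
    profile = UserProfile(known_devices={"laptop-1"}, last_login=prev)
    return {
        # known device, same city, two hours later, low-sensitivity app
        "routine": evaluate(Login("asha", "laptop-1", "good", "IN", *blr, t0.replace(hour=13), True, 0, "low"), profile),
        # never-seen device opening a high-sensitivity app
        "new_device": evaluate(Login("asha", "tablet-9", "good", "IN", *blr, t0.replace(hour=13), True, 0, "high"), profile),
        # known device, but Delhi 30 minutes after Bangalore: impossible travel
        "teleport": evaluate(Login("asha", "laptop-1", "good", "IN", *dli, t0.replace(minute=30), True, 0, "low"), profile),
        # known device and place, but three failed attempts just before this one
        "guessing": evaluate(Login("asha", "laptop-1", "good", "IN", *blr, t0.replace(hour=13), True, 3, "low"), profile),
    }
```

Running `demo()` gives a score of 0 (low) for the routine login, 55 (medium) for the unknown device on a sensitive app, 70 (high) for the Delhi-after-Bangalore attempt, and 30 (medium) after three failed attempts. The signal list is returned alongside the score so that the reason for a step-up can be logged and reviewed rather than just the number.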
How Does Risk-Based Authentication Work?
RBA uses real-time intelligence to build a holistic view of every login's context. It considers the profile of the party requesting access, computes a risk score from the factors surrounding the attempt (those listed above and more) and the action the party is ultimately trying to take, and then adds or removes levels of security based on that assessment.
Leading RBA systems use machine learning (ML) algorithms to establish baselines of accepted behaviour for various user groups. These systems then detect behavioural irregularities in real time and categorise them into risk levels, and the security or admin teams assign a specific response to each risk category.
Consider geofencing as an example of RBA. With geofencing, an enterprise draws virtual fences around the geographical regions from which users are expected to log in. If the geofence covers only the enterprise headquarters, any attempt to access the data system from outside it is flagged by the RBA system, which then responds with additional security measures.
This could mean:
- One-time passwords sent by email or text message
- Verification through a registered alternate email address
- Multi-factor authentication
- Biometrics such as fingerprint or face recognition
- Answering security questions or providing security codes
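As an added example (not code from the article or from any vendor), the block below stands in for the behavioural baselines and the geofence described above and assigns one of the step-up responses listed above to each risk category. It learns a simple per-user statistical baseline (typical login hour and device usage) from a constructed login history, checks a hypothetical bounding-box geofence around headquarters, and maps the resulting category to actions. The history, fence coordinates, thresholds and action table are all hypothetical, and the statistical baseline is a plain stand-in for the ML models commercial products train.

```python
# Behavioural baseline + geofence + step-up policy.  Added example, not from the
# article; the history, fence coordinates, thresholds and actions are hypothetical.
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed login history: (user, hour_of_day, device, lat, lon).  Not real data.
HISTORY = [
    ("asha", 9, "laptop-1", 12.97, 77.59), ("asha", 10, "laptop-1", 12.97, 77.59),
    ("asha", 9, "laptop-1", 12.97, 77.59), ("asha", 11, "phone-1", 12.97, 77.59),
    ("asha", 10, "laptop-1", 12.97, 77.59), ("asha", 9, "laptop-1", 12.97, 77.59),
]

# Geofence as a latitude/longitude bounding box around a hypothetical headquarters.
HQ_FENCE = {"lat": (12.90, 13.05), "lon": (77.50, 77.70)}

# Response assigned to each risk category by the security team (hypothetical policy).
ACTIONS = {
    "low": ["allow"],
    "medium": ["otp_email_or_sms"],
    "high": ["mfa_authenticator_app", "biometric"],
    "critical": ["block", "alert_security_team"],
}

def build_baselines(history) -> Dict[str, dict]:
    """Per-user baseline: mean and spread of login hour, plus how often each device is used.
    A simple statistical stand-in for the ML models commercial RBA products train."""
    baselines = {}
    for user in {row[0] for row in history}:
        rows = [row for row in history if row[0] == user]
        hours = [row[1] for row in rows]
        baselines[user] = {
            "hour_mean": mean(hours),
            "hour_sd": pstdev(hours) or 1.0,   # guard against a zero spread
            "devices": Counter(row[2] for row in rows),
            "n": len(rows),
        }
    return baselines

def inside_fence(lat: float, lon: float, fence=HQ_FENCE) -> bool:
    """True when the coordinates fall inside the bounding box."""
    return fence["lat"][0] <= lat <= fence["lat"][1] and fence["lon"][0] <= lon <= fence["lon"][1]

def anomaly_score(baseline: dict, hour: int, device: str, lat: float, lon: float) -> Tuple[int, List[str]]:
    """Turn deviations from the baseline into a 0-100 score and a list of reasons for the audit log."""
    reasons = []
    z = abs(hour - baseline["hour_mean"]) / baseline["hour_sd"]
    score = min(40, int(10 * z))            # time-of-day deviation, capped at 40
    if z > 2:
        reasons.append("unusual_hour(z=%.1f)" % z)
    device_share = baseline["devices"][device] / baseline["n"]
    if device_share == 0:
        score += 30
        reasons.append("never_seen_device")
    elif device_share < 0.2:
        score += 10
        reasons.append("rarely_used_device")
    if not inside_fence(lat, lon):
        score += 40
        reasons.append("outside_geofence")
    return min(score, 100), reasons

def categorise(score: int) -> str:
    """Bucket the score into the categories the ACTIONS table is keyed on."""
    if score >= 80:
        return "critical"
    if score >= 50:
        return "high"
    if score >= 25:
        return "medium"
    return "low"

def decide(baselines, user: str, hour: int, device: str, lat: float, lon: float) -> dict:
    """Score a login attempt against the user's baseline and pick the step-up action."""
    score, reasons = anomaly_score(baselines[user], hour, device, lat, lon)
    level = categorise(score)
    return {"score": score, "level": level, "actions": ACTIONS[level], "reasons": reasons}

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    for label, args in {
        "usual":        (10, "laptop-1", 12.97, 77.59),
        "3am_on_phone": (3, "phone-1", 12.97, 77.59),
        "from_delhi":   (10, "laptop-1", 28.61, 77.21),
        "all_wrong":    (3, "unknown-pc", 28.61, 77.21),
    }.items():
        print(label, decide(b, "asha", *args))
```

With this history, a 10 am login from the usual laptop inside the fence is allowed outright; the same laptop from Delhi is outside the geofence and is asked for a one-time password; a 3 am login from the rarely used phone reaches the high category and is asked for an authenticator-app factor plus biometrics; and a 3 am login from a never-seen device outside the fence is blocked and escalated. Note that the geofence alone only produces a medium score here: the policy relies on several signals agreeing before it blocks, which is what keeps a legitimate traveller from being locked out.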
With the range of hacking tools and computational power available, skilled attackers can get past even strong defences by something as simple as guessing or stealing a user's password. Risk-based authentication protects enterprise systems and data by making a stolen or guessed password far less useful on its own: a login from an unfamiliar device or location is challenged regardless of whether the password is correct. RBA is a fundamental part of securing employee and customer data for any business.