I’ve been working in and out of security and law enforcement for much of my life. The biggest exposures I’ve run into and the easiest ways through security have always been through the employee. Whether it was a disgruntled employee acting badly, a successful phishing or spear phishing attack, ransomware, or a compromised device the employee or executive were almost always the weak link. Even physical security breaches were often tied to employees’ badges being stolen or lost, or an employee allowing an unauthorized entry by someone tailgating them through an unmonitored electronically locked door the employee, or in this last case, the executive is the problem.
BlackBerry, after their acquisition of Cylance, gained a set of technologies marketed as “BlackBerry Intelligent Security” that would, if broadly applied, prevent most of these exploits. But similar technology could prevent against identity theft broadly and even make physical security, be it TSA or Passport Control more effective. Let me explain.
BlackBerry Intelligent Security
This is a fascinating technology in that it creates, over a period of days, a digital profile of the user. It knows how the user normally works, where they normally work from, and even the sequence of things they normally do during a normal workday. Now if someone tries to use the employee’s access from someplace the employee normally isn’t, uses a sequence of behaviors that is different from how the employee normally acts, or starts doing things (like downloading or encrypting files en masse) it will execute—by policy—protective measures which could include locking the employee out, or just requiring they reauthenticate.
The current version even knows if the employee is in a safe area and, if not, can—by policy—adjust access based on where the employee is. For instance, if there is someplace that is known to have compromised Wi-Fi or any time they are on a network the system doesn’t recognize.
But let’s move this concept forward and talk about what a digital AI-based employee image could also do in the future.
The Digital Clone
In effect, what BlackBerry Intelligent Security is approaching is a digital clone of the employee that is increasingly accurate and potentially capable of acting independently. For instance, if the system knows what an employee does repetitively every day and—given it is an AI—can make reasonable decisions it could also just do that stuff in the first place—freeing up the employee from these repetitive tasks.
In addition, should someone broadly attempt to execute identity theft, a future system could immediately block the action knowing the real person isn’t where the activity originated and that the criminal attempting the theft doesn’t behave like the victim.
For things like preventing illegal entry into a country, a system that knew a person could immediately pick up differences in how they speak, walk, even the colors they most like to wear and, again, because it would know where the real person is, and people can’t be two places at once, know that the individual attempting entry isn’t who they say they are.
Applied to criminal justice it could help prevent wrongful convictions and help connect crimes to the actual criminals without needing to see their faces or get fingerprints just by matching behaviors. Used on top of facial recognition it would perform the role of a second factor that would allow people to more securely and quickly get through security while also improving the effectiveness of that secure physical access process.
Problems like having job or schools’ candidates using third parties to take their entrance or qualifying tests could largely be eliminated because they couldn’t match the behaviors of the individuals they were replacing. This gets more interesting as the system learns typing cadence, which hand is dominant, and writing style of the individual being digitally cloned.
Finally, this data on the individual could live beyond them providing insight and skills that would remain with the firm, or the individual’s family, if a successor or family member just wanted to know how they would approach a problem. A child could, at some future point, be able to ask questions of a long dead ancestor by talking to their digital clone.
BlackBerry’s Intelligent Security is a game changer but, as it evolves and others grasp how powerful a Digital Clone could become, the technology will be used more broadly to provide even more powerful protections. Those protections could eventually outlast the individual. In a way this is the birth of a “Digital Guardian Angel” one that initially and ever more capably protects you, but eventually could extend your effective life and even help protect your children and their offspring.
Today, Intelligent Security can protect your firm. Tomorrow, it could protect your legacy.
*** This is a Security Bloggers Network syndicated blog from Security – TechSpective authored by Rob Enderle. Read the original post at: https://techspective.net/2019/08/12/blackberrys-ai-intelligent-security-has-broad-implications/