The illicit trade of biometric data, sourced from manipulated selfies, fraudulent passports, and cyberattacks on data repositories containing fingerprints to DNA information, has been thriving on the dark web. Despite their untraceability, these compromised biometrics empower attackers to access victims' most sensitive information, prompting criminals to refine their methods and produce synthetic IDs for more sophisticated attacks.
Efforts to safeguard biometric data have proven inadequate, with Gartner noting concerns about novel attacks and privacy issues hindering adoption. The rising threat of AI-enabled deepfake attacks undermining or rendering biometric authentication worthless is highlighted in Gartner's recent study.
VentureBeat reveals that deepfake and biometrics-based breach attempts against major cybersecurity firms have surged in the past year. Even the Department of Homeland Security has issued a guide, "Increasing Threats of Deepfake Identities," to counter these growing threats. All forms of biometric data are highly sought after on the dark web, and 2024 is expected to witness a surge in biometrics-based attacks targeting corporate leaders.
The focus on senior executives stems from their susceptibility to phishing scams, with C-level executives being four times more likely to fall victim than other employees, as reported by Ivanti's State of Security Preparedness 2023 Report. The prevalence of whale phishing, a targeted form of phishing, further exacerbates the threat landscape for executives.
Recognizing the shortcomings in current security measures, companies like Badge Inc. are taking innovative approaches to biometric authentication. Badge's technology aims to eliminate the need for passwords, device redirects, and knowledge-based authentication. By making individuals the "token" themselves, Badge's solution enhances security and privacy by deriving private keys on-the-fly using biometrics and chosen factors, without storing secrets or personally identifiable information. The company's approach aligns with the principles of zero trust, minimizing data access, and reinforcing least privilege access.
Badge's partnerships with Okta and Auth0 indicate its growing significance in identity and access management (IAM) platforms and technology stacks. With a cryptographically zero-knowledge basis and quantum resistance for future-proof security, Badge's technology is positioned as a valuable contributor to organizations' zero-trust architectures. Jeremy Grant, former senior executive advisor at the National Institute of Standards and Technology (NIST), recognizes Badge's compelling technology for addressing both consumer and enterprise use cases.