Creating Trust in Biometric Authentication for Identity Verification – Sabrina Gross – ESW #346
Segments
1. Creating Trust in Biometric Authentication for Identity Verification – Sabrina Gross – ESW #346
The general public has varied opinions of biometric authentication, and an increasingly reluctant relationship with it, as more and more facial recognition is forced upon us (especially those of us that travel frequently). Facial recognition doesn't work for everyone, so what other options do we have?
In this interview, we'll explore accessibility in identity verification and the viability of voice-based authentication. How big an issue are AI-powered voice imposters? How will companies like Veridas combat these threats? We'll ask all these questions and more in this ESW interview.
Announcements
Security Weekly listeners: Cyber threats are evolving — is your organization keeping up? The 2023 Cybersecurity Year in Review is Here! Uncover the latest challenges and strategic responses in CRA's 2023 Cybersecurity Year in Review – sponsored by RSA Conference. From the impact of generative AI to the risks of ransomware to navigating new SEC rulings, get ahead for 2024 with your free copy. Download the report at securityweekly.com/yearinreview2023
Guest
For the past 5 years, Sabrina has worked with global banks, telcos, and insurance companies, heading up customer success teams to streamline and supercharge their engagement. Sabrina’s background is in investigative systems, where she spent 15 years working with law enforcement agencies around EMEA, which has given her the advantage of understanding the risk of fraud and balancing it with the customer experience. At Veridas, Sabrina focuses on cutting-edge technologies like biometrics that are used in preventing identity fraud.
2. Dogs, AI, and Gyrogears (it’s a slow security news week) – ESW #346
On this segment, we talk a lot about AI, new technologies, and the future from a personal and consumer standpoint. Not a lot of enterprise-relevant stuff in the news today, but consumer products and AI will have a HUGE long-term impact, so that's how we're justifying today's topical focus ;)
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. FUNDING: Anecdotes lands $25M to expand its governance, risk management and compliance business
$25M Series B led by Glilot Capital Partners, for a total of $55M in funding. Anecdotes' founders previously worked at IntSights prior to its exit to Rapid7. Anecdotes is one of dozens of startups trying to ease the pain of GRC and compliance with AI and automation.
- 2. ACQUISITIONS: Snyk Acquires Runtime Data Pioneer Helios, Empowering Global AppSec Teams with Unparalleled Cloud-to-Code Risk Visibility
Not strictly a security product, Helios acquires application runtime data. Important for debugging and security alike.
- 3. ACQUISITION RUMORS: CrowdStrike in talks to buy Israeli co Flow Security
- 4. NEW PRODUCTS: OpenAI debuts ChatGPT subscription aimed at small teams
ChatGPT Teams makes it possible for dozens of folks to all work within the same ChatGPT datasets and chat histories. Sounds like a small thing, but IMO, collaboration will accelerate AI use cases and refinement within organizations (including criminal ones).
- 5. LAYOFFS: Cyber unicorn Orca Security laying off 15% of workforce
We talked about these layoffs last week, but they didn't make it into the notes, so I'm including them here.
- 6. LAYOFFS: Trend Micro lays off 2% of its global workforce
We talked about these layoffs last week, but they didn't make it into the notes, so I'm including them here.
- 7. ANALYSIS: A Year of Disruption and Resilience: The Cybersecurity Market in 2023
Mike Privette puts together a nice 2023 wrapup - summarizing and analyzing 50+ newsletters he published last year. A few highlights:
2023 at a glance:
- 684 funding rounds across 100+ unique product categories worth ~$12.7B
- 259 M&A transactions across 70+ unique product categories worth ~$40.5B
- 2023 Funding rounds decreased ~12% (from 774 in 2022), and M&A transaction volume dropped ~3% (from 266 in 2022).
- Total 2023 funding dollars dropped ~38% from the ~$20.6B in 2022, and overall M&A decreased ~21% from the ~$51.2B in 2022.
- In short, fewer companies received funding, and those that did got much smaller checks.
- AI was the clear winner in terms of category growth, with 3932% more AI-based funding than 2022.
Check out the comprehensive post for roughly 1000% more insights.
We also chatted with Mike in December to discuss some of these insights: https://youtu.be/RXMWR6IgYjI
- 8. REPORTS: Key findings from the 2024 State of AI in the Cloud report
An interesting report that focuses on cloud-based adoption of AI from Wiz.
- 9. LEARNING: Section – AI for Personal Productivity course
As promised, I'm reporting back on what I learned taking the AI for Personal Productivity course. I learned:
- how to set up LLMs to use custom instructions for everything I ask them
- that some LLMs are significantly better for some tasks than others, and vice versa
- the idea that I'd be using different LLMs for different tasks hadn't occurred to me
- Claude and Perplexity are the two I'm going to be spending a lot more time with
- the professor, Taylor Malmsheimer, suggested making a list of "high brainpower" and "high importance" tasks to assess
- then, we considered these tasks across 3 different AI roles: assistant, strategist, and creator
- she provided tons of examples and suggested prompts for each of these roles
- the examples REALLY helped - there were a ton of tasks I wouldn't have considered throwing at an AI that I actually got some really interesting results from
- analyzing data from surveys was a really compelling example
- there were a ton of great suggestions in the Zoom chat from the ~400 attendees
- one of the attendees even used an LLM to analyze the chat from the workshop, and shared the results before the end of the class!
- she urged us to try to make new habits where we've matched up some of these LLMs with time-saving workflows
- at the end of the day, it's just another tool, but an important one that rates up there with your professional network, Google/Wikipedia, and research reports
- She does this 2 hour workshop once a month, and it's $250! I don't get any kickbacks or anything if you sign up, but I think it's worth it. I didn't pay anything, since I pay for the annual unlimited membership
- 10. NEWSLETTERS: The Cyber Why: What We Read This Week…
A few things in last week's Cyber Why caught my attention:
- Carta, SaaS for cap table management, appears to have crossed the streams, and shut down part of their business as a result
- Startup Unicorns get redefined as $3B+ valuation???
By my count, there are 44 cybersecurity unicorns right now (I use CB Insights' data). If we move the bar up to $3B, that number goes down to 15. The other problem is that NONE of the unicorns on this list have seen a new valuation since valuations took a beating in mid-2022. We saw Cybereason lose an order of magnitude in value, and Snyk (rumored to) lose 50%, so it's anyone's guess as to which companies are or are not a unicorn on this list.
- 11. NEWSLETTERS: Rite Aid’s Facial Recognition Debacle
The latest edition of The Reformed Analyst explores a unique FTC ruling: one that bans the Rite Aid chain of drugstores from using facial recognition technology for the next five years.
- 12. GADGETS: Can a striking design set rabbit’s r1 pocket AI apart from a gaggle of virtual assistants?
I bought one. Why is this such an interesting innovation? Also, how the hell will these new AI gadgets make money, when virtual assistants have been an absolute profit black hole for tech giants?
- 13. SQUIRREL: Clicks for iPhone Founders Edition
- 14. SQUIRREL: Gyrogear’s GyroGlove is a hand-stabilizing glove for people with tremors
- 15. SQUIRREL: Fujitsu, facing heat over UK Post Office scandal, continues to rake in billions from government deals
Incredible that a single source of bad data - a single software system - could lead to so many systematic wrongful arrests.
"...more than 700 sub-postmasters (Post Office franchisees) were wrongfully prosecuted for fraud, false accounting and theft over a 15-year period, with many imprisoned, losing their livelihoods and facing bankruptcy."