When All Behavior Is Abnormal, How Do We Detect Anomalies?

Identifying normal behavior baselines is essential to behavior-based authentication. However, with COVID-19 upending all aspects of life, is it possible to build baselines and measure normal patterns when nothing at all seems normal?

We log into work in the morning, usually between 0900 and 0915. We log into mail, the collaboration system, then the business applications. The place we log in from, the time we start work, and the sequence of logins form a unique pattern. And unique patterns can be useful as authentication factors. Right now there’s a possible problem, though: How do you establish “normal” behaviors in an utterly abnormal time?

The issues around behavior-based authentication echo larger IT behavior issues of the moment. “During times of crisis, behavior can be overwhelmed by stress and especially by disruption to daily routines,” says Daniel Norman, research analyst at the Information Security Forum. “The COVID-19 lockdown has demonstrated the requirement for organizations to manage behavior effectively or face disruption from a growing range of security threats, both from outside and within the business.”