Biometrics contain sensitive user information, and businesses at every stage are failing to secure data. According to a recent Kaspersky report, more than 33% of the systems that handle biometric data were hit by at least 1 malware infection during the third quarter of 2019.

Biometrics demand a more secure and easier way to protect sensitive user data; a biometric scan contains various forms of data that will include fingerprint, face photo, or even the voice of the user. It supports the users in accessing varied data on the business database or even gaining entry to a restricted area. What makes an attack on biometry to be one of the critical aspects of an organization? It can compromise the complete infrastructure without even entering the systems or leaving a trace.

Organizations need to answer: are the computers that collect, process, and store biometric data secure? And if not, how businesses can implement a solution to protect all the data? Kaspersky report has defined various safeguards that can be implemented to protect servers and workstations, which contain biometric data.

In the third quarter of 2019, approximately 37% of the computers monitored by Kaspersky software were hit by at least 1 malware infection. According to the study, 5.4% of the threats detected and blocked were modern remote-access Trojans, 5.1% were malware used in phishing attacks, 1.9% were ransomware, and 1.5% were Trojan bankers.

The internet is becoming the top source of malware attacks accounting for 14.4% of the infections analyzed and blocked by Kaspersky. These types of attacks include various threats found on phishing and malicious websites, and even from several web-based email services. Removable media was the perpetrator in 8% of the attacks discovered, and most of such devices distributed worms. Once the worms are distributed in the system, they can download spyware, ransomware, and remote access Trojans.

Email threats rank the third (currently accounting for 6.1% of the attacks in the biometric infrastructure)—and these were usual phishing emails that came with counterfeit messages from certain e-commerce websites regarding the delivery of goods and services or the payment of invoices. In many email hack cases, Microsoft documents contained malicious codes or links to malicious websites.

Kirill Kruglov, Senior Security Expert, Kaspersky ICS CERT, mentioned in a press release that the company’s research shows that the existing situation with biometric data security is critical. Businesses and government regulators need to define where they would invest in terms of information security.   The customers need to be cautious, whereby they need to prepare for the infection caused by the malware.  

Organizations should negate the effect of Internet attacks by limiting their exposure. No device that has either wired or wireless access to the internet should be connected to the biometric workstations. There is a need to ensure that all the necessary protocols are in place, train the employees to follow best practices, regularly conduct security audits to eliminate the vulnerabilities, and implement tactical threat intelligence to all security teams.


Looming cyber threats on data are bringing new challenges for organizations. It affecting the biometric database is a bigger threat because it results in security threats not only at an infrastructure level but even at the physical level resulted by manipulation. 
To know more about cybersecurity for a biometric workstation, you can download our latest whitepapers on Security.