How Can User Behaviour Analytics (UBA) Combat Cyber Risks?

Typing speed and mouse movements say a lot more than we realize. Find out how companies analyze user behaviour to secure data and mitigate cyber risks.

Apr 23, 2021 - 3 min.
Picture of: Sebastian Ulbert
Sebastian Ulbert

Most of the time when we hear about companies collecting data, it’s because they want to sell us stuff that we probably don’t need but will likely buy if the price is right. However, our mobile devices and desktop computers can be a source of far more valuable data. The type of data that companies need to protect against data breaches and cyber-attacks. User behaviour data.

When we browse a web page or click through an app, service providers can learn how we engage with their content and also accumulate useful data about our tastes and preferences by tracking what products, ads, and services attract our attention. Most of us are already familiar with this kind of user behaviour data. However, every time we use our devices we also provide valuable insight into our habits and patterns: how quickly and the way we type (keystroke dynamics), our mouse movements, our geolocation, our login history. And it is this data that companies are now tapping into to detect all manner of cyber risks. How are they doing it?

What is behaviour analytics?

Chances are you’ve already experienced user behaviour analytics (UBA). For example, when trying to access online accounts while on a business trip or vacation abroad. You try to log into a social media or bank account, and this triggers a verification notice. Your provider has been alerted (by your geolocation or IP address) that your login behaviour is unusual. So it takes you through one or two additional verification steps to ensure that you are indeed authorized to access your account.

In order to make this possible, service providers have to first track and collect information about your usual usage behaviour. That data can then be used to detect and analyze your patterns. This is accomplished with machine learning algorithms, which sift through all the data and can compare real-time user actions against a set of control data i.e. the accumulated information about your past behaviours and actions. Every time you perform specific actions (move your mouse, type, click on the screen), these algorithms learn more about you and how you engage with platforms and applications.

If my typing speed is suddenly slower, my login device is new, or my mouse movements are abnormal, the algorithm will detect these anomalies and create a security alert. The service provider can then perform additional security tests using adaptive authentication methods (two-factor or multi-factor authentication) to verify and authenticate my identity.

Behaviour Analytics Implemented Across Various Industries

As already mentioned, behaviour analytics has helped e-commerce retailers refine their offers based on customer engagement. It has also helped product developers create new features and grandfather content that users do not interact with.

But when it comes to cybersecurity matters, the financial sector has benefited tremendously from user behaviour analytics. Services that demand added security, like e-banking and mobile banking, rely on UBA to detect external threats and internal ones. For example, employees abuse their access privileges or even alter their credentials to gain unauthorized access to data. Once detected by the algorithms, any suspicious activity can then be further investigated.

Many security-conscious companies are also now transitioning to passwordless authentication. This option not only offers added convenience (no more lengthy and complex passwords) but also added security. Since user behaviour analytics tracks our location and type of device, service providers can make our mobile devices an integral part of the security process. This is frequently the case with mobile banking, where push notifications are sent to mobile devices (via apps) in order to authorize financial transactions.

Classifying Risks and Taking Action

Not every risk is the same. And it is essential to the user experience to not treat every risk equally. Let’s assume you’re abroad again. If a service provider’s UBA determines that your login behaviour is unusual and then proceeds to deny all your access rights, this would constitute a very bad user experience. Especially if you’re attempting to access a bank account or use a credit card. The resolutions have to match the level of threat.

This is why UBA also relies on a scoring system to assess the threat level. Higher scores trigger more intense verification and authentication measures to prevent unauthorized access. A higher-level threat might alert a company help desk or IT support. Whereas a lower-level threat may be resolved by requesting additional authentication factors (2FA/MFA).

Why should you integrate UBA?

We’ve already determined that UBA helps minimize cyber risks, protect customer and company data, and ensure a positive user experience. Beyond those benefits, UBA also cuts costs. Not only by safeguarding against the financial repercussions of a potential data breach but also by eliminating the need for unnecessary investigations into minor security threats and automating as much of the authentication and verification process as possible. 


Using (C)IAM to Comply Safely With Legislative Changes in 2022