Biometric systems face growing cyber exposure, Kaspersky research finds

Kaspersky’s ICS CERT data shows biometric systems are facing higher exposure to cyber threats across Southeast Asia.

Biometric systems are becoming a routine part of how people move through buildings, access services, and verify identity. That growing reliance is also making them a frequent target for cyberattacks. Recent analysis from Kaspersky’s ICS CERT shows that biometric systems used for identity checks and access control face the highest level of malicious activity among industrial systems worldwide, with threats detected on more than a quarter of monitored systems.

Southeast Asia follows the same pattern. Nearly one in four biometric systems in the region showed signs of exposure to cyber threats. Malaysia, where biometric tools are now widely used in public services, finance, transport, healthcare, and energy facilities, reflects this trend.

The local biometric market stood at about US$135 million in 2024 and is expected to expand sharply over the next decade, driven by broader adoption across both public and private sectors.

The way these systems are attacked is often familiar. Across Southeast Asia, most threats reached biometric systems through internet connections and email. Smaller numbers came from removable media and shared network folders. These entry points are tied to common forms of malicious activity, including phishing pages, spyware, infected documents, scripts, and worms.

What stands out is that the biometric technology itself is rarely the weakest link. Instead, the surrounding computers, networks, and supporting software tend to be the main points of failure. As biometric systems are placed at the center of busy, identity-based processes, any weakness in the environment around them can expose sensitive data and disrupt operations.

Other research from Kaspersky points to a broader shift in attacker behavior. Rather than focusing only on passwords, cyber criminals are increasingly targeting data that cannot be changed. Facial images and other biometric identifiers are now being collected through advanced phishing methods, raising long-term risks for both organizations and individuals.

“As more operational environments rely on biometric verification to manage people and processes, the technologies supporting it have become deeply integrated into daily workflows. The ICS CERT findings show that much of the risk stems from the broader systems and networks, rather than the biometric components themselves. Effective cyber defense relies on understanding these interconnections, supported by threat intelligence that helps organizations preserve the integrity of their operational processes,” said Simon Tung, General Manager for ASEAN and AEC at Kaspersky.

The ICS CERT data also points to wider security gaps across operational environments in Southeast Asia. The region reports some of the world’s highest rates of self-spreading malware, including viruses and AutoCAD-related threats. These risks are often linked to poorly protected infrastructure and networks that lack proper separation between systems.

Malaysia mirrors many of these issues. It records the highest share of email-based threats affecting industrial systems in the region and shows elevated levels of spyware activity, ranking second in Southeast Asia.

To reduce risks around biometric systems, security teams are advised to keep a clear and updated inventory of operational technology assets, run regular security checks, apply patches where possible, and improve detection and response capabilities.

Building stronger skills across both IT and operational teams is also seen as an important step in handling more advanced attack methods.