Kaspersky is aiming to future-proof its internal security strategy with policies specifically designed for its bionic devices.

Bionic devices are becoming more advanced as techniques like machine learning and optogenetics enhance their ability to replace, augment and document human biological features.

With IoT posing a constant hazard to organizations globally, Kaspersky experts sought to establish formal procedures for using bionic devices across its infrastructure. 

The aim is to enhance its workforce by permitting bionic device usage while protecting the welfare and security of employees in the office. That includes ensuring digital privacy of devices, providing different levels of access rights to stored information and mitigating threats to human health.

Kaspersky says there are legitimate fears over the scope for criminals to target bionic devices at a time when the emerging market for human augmentation continues to grow.

The company says that little attention is paid to securing bionic devices at present, with the United Nations having made the subject a key theme for its Internet Governance Forum held in Poland last week.

The precise impact of bionic devices on security is challenging to predict because there are so many factors involved, said Kaspersky’s director of global research and analysis in Europe Marco Preuss.

“It is difficult to foresee as such technologies involve so many relations and dependencies that also heavily affect threats of any kind,” Preuss told IoT World Today. “However, we need to think about development in terms of three ‘core streams:” societal impact, privacy and security. With the latter especially, we need to learn from past advancements in this sphere and take into account new abilities we created over the past few years.”

Preuss said that these core streams will then define the abilities and potential policies and enablement regarding bionic devices for and in enterprises. 

“This means that, for example, policies and guidelines should be created, but not to limit or restrict, more to enable and support and guide the use of bionic devices by all means,” he said. “This is essential in a human-technology integrated world that will impact enterprises.” 

The new policy envisages a future scenario where augmented employees are a common fixture at Kaspersky, based on real trial data using existing employee biochip implants.

These implants, which typically move based on electric signals emitted from the wearer’s muscles, form a key part of Kaspersky’s security framework, which has been designed to protect its access control system, internal processes and automated systems.

The market revenue for bionic devices could hit $7.9 billion by 2027 driven by such medical aids, with auditory bionics and cochlear implants among the biggest drivers, according to Global Market Insights.

While Kaspersky said those wearing implants wouldn’t have to pass through metal detectors when employees enter the office, the wearer must submit a valid doctor’s note to the company about their usage. 

Some bionic devices could be used for criminal ends, enabling sensitive information to be collected while concealing the real-world identity of the perpetrator. Auditory tools, for example, could be used to eavesdrop on confidential company meetings. Kaspersky requires that all bionic devices be declared to the relevant compliance team.

In a chapter dealing with the consequences of non-compliance, Kaspersky’s policy paper says maltreatment of bionic devices can lead to theft of its confidential information, reputational harm and even direct financial losses.

While bionic medical aids are expected to become more prevalent among employees in the future, more common at Kaspersky today is the NFC biochip which stores facial attributes and verifies them almost instantly when checked by a smart camera.

NFC biochips are replacing traditional key cards to enable Kaspersky employees to enter the office and through security doors that require access privileges. 

The new policy establishes procedures for NFC biochip holders, including the principle that users must follow patch update guidance so critical security fixes are promptly administered.