Taking Stock of Identity Solutions in the Age of AI
Artificial intelligence (AI) makes cybercriminals smarter. But AI makes us smarter, too – when we enact the policies that can foil it.
As security professionals, we know that we can’t protect against everything. Some detection methods are noisy or alert the bad actor to your presence, forcing them to pivot to a novel way to circumvent detection methods. Today, we are just beginning to see how advanced machine learning can penetrate established identity verification methods.
While there will be challenges ahead, it’s evident that security professionals can use identity threat detection and response (ITDR) and decentralized identity (DCI) in conjunction to combat security threats in the age of AI.
The Nefarious Side of AI
While AI has certainly exploded in the media and is now in the hands of everyday users in light of tools like ChatGPT, it’s not a new technology. Identity solutions providers are quite aware of the threats AI poses; however, most basic identity security practices are behind the curve. For instance, biometrics were a step forward for security as it requires something unique to the individual vs. something easily guessed or stolen like a password. But cybercriminals are now using machine learning and AI to circumvent these more advanced identity controls, calling for a redefinition of ‘secure’ and an ongoing game of cat and mouse.
And AI voice-mimicking technology is accessible to everyone. There’s literally an app (actually several apps) for that. Banks and call centers used to favor voice verification as a nearly uncrackable companion of other identity verification methods like adaptive authentication and SMS and email OTP. Now, bad actors can use AI voice apps to manipulate authentic voice recordings – which they can farm from spam calls or social media videos – to say whatever they need them to say. Vendors using biometrics are building safeguards to combat AI-powered voice generation, but it still boils down to an escalation game between vendors and cybercriminals.
In phishing schemes, volume is the name of the game, and AI intensifies phishers’ quality and sophistication of their attacks. The laughable typos and poor grammar of phishers’ paltry attempts are now a thing of the past with the assistance of AI content generation.
Solutions to Guard Centralized IAM Systems
The Equifax breach of 2017 might seem like old news, but the fact is that there are many government agencies and businesses that still rely on massive centralized data stores. With this model, it’s becoming increasingly more difficult – and risky – to carry on with these huge silos of sensitive information given the proliferation of AI.
Organizations must enact iron-clad policies to supplement their centralized identity access management (IAM) systems. Considering how much smarter AI becomes by the day, ITDR and DCI are two practices that, when used together, may keep data safe in this new paradigm.
ITDR practices carefully monitor an organization’s IT network for suspicious and anomalous activity. It’s a crucial component of any zero trust initiative but cannot be relied upon as a standalone solution, as it’s more of a reactive approach to IAM security. ITDR fails in guarding sensitive information because when the system detects a threat, it means the security team already has a problem on its hands and must scramble to rectify it. Sometimes, it’s too late to respond. Then, teams are tasked with the clean-up.
However, when teams pair ITDR with DCI, the two policies keep perimeters much more secure than either of them used alone. DCI reduces an organization’s reliance on centralized data systems, plus it improves security and better protects data in the event of a database breach. It achieves this because identity verification requires a minted credential instead of personal information that’s stored within the centralized IAM database. These credentials are cryptographically verified to ensure the authenticity and integrity of the user, allowing tamper-proof and secure authentication.
View DCI as your vanguard and ITDR as the cavalry. DCI is the intimidating front-line defense that can scare off a cybercriminal attempting a hack, as they’re not likely to break through. If a bad actor does bypass DCI safeguards, ITDR can detect the threat and eliminate it.
The Age of AI is Here
AI is here to stay. It behooves organizations to adapt their security policies now to stay ahead of the evolution of technology, especially when in the hands of cybercriminals. Centralized IAM systems are juicy targets, so organizations that store huge amounts of data must reevaluate their policies to protect customer and company secrets. An excellent way to do so is with a zero-trust environment supplemented by ITDR and DCI.
At times, are AI’s capabilities unsettling? Certainly, but security teams are more than capable of shoring up their defense against this new frontier of cybersecurity threats.
