Andy Cease, Director of Product Marketing at Entrust, discusses how businesses can mitigate the negative impact of AI on cybersecurity.
In today’s digital landscape, the impact of AI on cybersecurity is transforming the methods we use to secure digital platforms.
The impact of AI on cybersecurity is a double-edged sword, presenting attackers with sophisticated new strategies to target organisations while also equipping businesses with more robust defensive mechanisms.
However, without continuous alertness and commitment to security best practices, businesses risk falling prey to the surge of attacks bolstered by AI.
Intensifying existing threats and introducing new ones
With the boom in user-friendly generative AI, we’re entering a phase where AI-driven threats are increasingly prevalent. While AI has the potential to introduce a vast array of novel attack techniques, it’s the traditional methods that AI is currently amplifying. Consider phishing, a simple yet common tool in any cybercriminal’s toolkit.
AI-powered phishing is poised to exceed traditional methods as generative AI systems grow more advanced. This means more authentic-looking phishing emails crafted with more sophisticated language and disseminated in greater numbers. The typical signs of a fraudulent email are becoming less obvious as LLMs facilitate the quick creation of high-quality content, with computing power really the only constraint on attack volume.
The impact of AI on cybersecurity jeopardises all sectors, particularly government, banking, and financial services – areas handling extremely sensitive data for billions of consumers worldwide. The data is startling – US banks have observed a 43% surge in fraud attacks year over year.
The complexity includes novel attack methods like deep fakes and synthetic identities. According to reports, there’s been a 10x increase in the number of deepfakes detected across all industries from 2022 to 2023.
This can only be expected to continue to skyrocket as technology becomes more accessible. In the healthcare sector, for example, synthetic identities can be used to create fake patient records or impersonate individuals for fraudulent claims. Similarly, in retail, synthetic identities can lead to credit card fraud and unauthorised transactions.
Reinforcing identity security and digital defences
Central to thwarting AI-driven threats is the enhancement of identity security. As IDs become entirely digital, the risk of AI attacks correspondingly increases. Decentralised identity systems are one method that can significantly empower individuals.
These systems grant individuals full ownership and control of their identity and associated attributes. All information forming an identity is encrypted, signed, and safeguarded with digital keys, which confirm an individual’s identity without exposing sensitive details to external parties.
Organisations such as employers, governments, and retailers do not store critical user identity attributes; users keep all encrypted identity-related information in a digital wallet on a hardware-protected area of their mobile device.
However, organisations must develop robust verification methods to adopt this user-controlled identity management approach, including knowledge-based, document, biometric, and device authentications. Fortunately, technology has advanced to such a degree that this paradigm shift is now possible. Take biometrics, for instance. This encompasses methods such as facial recognition, fingerprinting, and iris scanning, offering swift and precise identity verification.
Facial recognition technology, in particular, has advanced significantly in recent years. Facial biometrics are now lauded for high accuracy and ease of use, adeptly performing tasks like face matching to identity documents and liveness detection, ensuring individuals are indeed who they claim to be. This development is revolutionising various fields, including travel, which has transformed the passenger experience by enabling seamless and secure transit. It is also employed in sectors like banking for secure transactions, smartphones for unlocking devices, and surveillance systems to enhance public safety.
Could the impact of AI on cybersecurity actually be defensive?
While the impact of AI on cybersecurity may herald a new level of cyber risk, it is also a key player in defending against threats.
For instance, AI can play a vital role in refining user authentication by analysing behavioural patterns to detect unauthorised access, thereby adding a layer of security that adapts and responds to potential threats dynamically.
By identifying unusual patterns and anomalies in network data, AI systems can offer early warning systems for potential threats. This is particularly crucial in the fight against advanced malware, including zero-day attacks, which AI can often detect and neutralise before traditional security measures even recognise them.
The automation aspect of AI is also transformative, enabling systems to react to threats instantly and autonomously. This slashes response time to threats and limits human error in the process.
Simplifying the tech stacks
Finally, while it may seem counterintuitive, simplification is often the best form of defence. Many modern organisations are hampered by overly complex tech stacks, particularly in areas like identity verification.
This arises from the rapid adoption of diverse technologies and the integration of multiple systems and vendors over time. These bloated tech stacks create more vulnerabilities and make managing and securing systems harder.
To combat this, organisations should aim to simplify stacks by consolidating vendors and streamlining processes. This reduces potential attack surfaces and improves the user experience, making interactions more seamless and secure.
Proactivity is key
The impact of AI on cybersecurity is still formative, so change is the only certainty. However, this is not a hypothetical threat – AI is already being used to execute a high volume of attacks on organisations globally.
Therefore, our defence strategies need to become more sophisticated in turn. A proactive approach to mastering identity security is essential, and organisations need to focus on effectively integrating technologies like biometrics and behavioural analytics to proactively outmanoeuvre AI-powered threats.
