- Unlocking AI for NHS: Now Assist in IT Service Management
- CompTIA launches expert-level cybersecurity certification
- How Visibility Affects the Warfighter
- What WordPress users need to know about the Automattic and WP Engine conflict
- US Government Issues Cloud Security Requirements for Federal Agencies
Will decentralized identity unlock the future of identity protection?
All eyes have been on AI over the last few years and how it has impacted businesses’ daily operations — both positively and negatively. It goes without saying that it’s a challenging moment for those working in digital identity and security as technology is evolving at an unprecedented pace. AI-powered cyber threats and identity attacks are about to explode at rates never seen before. According to results from a recent survey, over 40% of businesses say they expect fraud to increase significantly within the next 12 months. The time is now for a new way to think about and respond to security and identity fraud challenges. Decentralized identity — the idea of giving a digital wallet to customers, so they can personally hold and selectively share their own data — is fast becoming a strategic approach to do just that.
Understanding risk in today’s environment
Organizations and business leaders know that their companies are at risk and acknowledge that processes must be put in place to guard against identity fraud. It’s no longer a “nice to have” but a necessity to protect a company’s most important assets. In the survey mentioned above, organizations admitted they are not using proper protections against identity fraud. Almost all (97%) noted they are experiencing challenges with identity verification, and 52% are very concerned about credential compromise, followed by account takeover (50%).
That being said, nearly half (49%) admitted their current fraud prevention strategy is somewhat or not at all effective at protecting against credential compromise. Despite stronger protection solutions available, many organizations aren’t taking full advantage. What these companies do have in place right now spans a more rudimentary selection of security solutions, from the increasingly common passcode authentication to knowledge-based authentication and more.
AI’s impact on identity fraud
Identity fraud is acknowledged universally as a problem, yet often remains a vulnerability as leaders and companies struggle to implement the right methods and solutions to protect themselves. This will only get worse as AI continues to advance and evolve. Over half (54%) of IT decision-makers are very concerned that AI technology will increase identity fraud, yet 48% are not very confident they have technology in place to defend against AI attacks.
Aside from the technology itself, only 52% expressed high confidence in their ability to detect a deepfake of their CEO — revealing the increased sophistication of and lack of education surrounding AI-generated content. Anyone today understands the pain points of being asked for multiple ways of proving they are who they say they are when they log into an account or a device. Everyone wants their information to stay protected, but there’s a line to walk between convenience and protection from risk. It’s a tricky, yet necessary, balance to strike. Risk is inevitable and the best way for companies to best defend themselves is through decentralized identity.
Decentralized identity (DCI): An untapped opportunity
While only 38% of respondents have implemented a strategy to use DCI as a protection against fraud for both customers and employees, this is a 13% increase from last year. Everyone knows that identity management is a problem and that it’s getting harder to manage. Yet so many businesses are struggling. While most large organizations understand that decentralized identity presents a way out of the mess, not enough are putting things into practice. Concerns about integration and accessibility are preventing more widespread adoption, but the truth is that failing to adapt to this new approach to identity and security will only put organizations under more pressure — both financially and reputationally.
In terms of what companies can do to fight this evolving threat landscape, there are three actions for business executives to consider in their security strategy moving forward.
- Consider how DCI can form part of the organization’s wider AI response and part of the business case for digital growth and building competitive advantage.
- Engage and educate leadership teams across the organization around DCI, making the case for a digital identity strategy that includes both ‘defense’ (dealing with AI-enabled security threats) as well as ‘offense’ (delivering digital growth).
- Start now. It will take time to develop the right strategy, engage the right teams and partners and implement solutions.
As technology evolves, so does the threat landscape and the need for secure identity management. Identity fraud is a widespread issue across every sector and geography, plaguing businesses and consumers alike. With the expansion and evolution of AI-based threats, security leaders can only expect this to become more of a business-critical problem. Yet while all businesses have some levels of defense, the truth is that for many, those protections aren’t enough. With the right education, planning and partnerships, organizations can put themselves in a strong position to fight increasingly sophisticated identity and fraud attacks. This is a necessity, not a choice, as attackers seize the power of AI for their bad intentions. The more organizations can do to prepare today, the better equipped they will be to defend tomorrow.