
Like what you read and curious about the conversation? Visit CISO Perspectives to get further insights into this topic. CISO Perspectives is a weekly column and podcast where Kim Jones explores the evolving landscape of cybersecurity leadership, talent, and risk—because success in cybersecurity is about people, not just technology.
Fraud and Identity
Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.
At 425 words, this briefing is about a 4-minute read.
Evolving Identity.
Managing identity is something organizations and security leaders have been grappling with for years. Traditionally, identity management has been one of the primary ways to enforce access control across an organization and prevent unauthorized parties from accessing sensitive systems. However, this traditional approach has increasingly become a liability in the modern technological landscape.
A Keeper Security survey found that only 27% of respondents said their zero-trust measures were effectively implemented. Furthermore, 40% were not enforcing multi-factor authentication, and 34% were not revoking unused privileges.
These challenges are significant and will only continue to become more problematic with the introduction of emerging technologies, like artificial intelligence (AI). While AI can greatly improve and evolve identity and access management (IAM) solutions, these technologies are also creating significant risks.
Deepfake technologies, for instance, are being deployed to subvert traditional identity systems. The Cloud Security Alliance (CSA) noted that, as these technologies become increasingly sophisticated, “they may be used to commit various types of fraud, such as creating fake identities, forging documents, or manipulating financial records.” Furthermore, the CSA emphasized that these deepfakes can be used to undermine the integrity of an organization’s information assets by manipulating or falsifying data, for example through log manipulation or database corruption.
While AI can be a powerful tool, it can also be a potential adversary. The difference lies in how organizations manage it.
Proactive AI management.
Identity management systems are critical for any organization. To better manage these systems and ensure they are secure, security leaders need to execute on key security practices. These practices include identifying and fully inventorying all of the various AI systems that are being introduced into the organization. The security concept of “trust but verify” is critical in this AI age, as many of these services are still new and not fully secured.
Additionally, leaders must address stack weaknesses. By examining the current technology stack, leaders can identify areas where continuous, unearned, persistent trust is extended to AI services.
Finally, leaders must be realistic: AI cannot be blocked. AI’s value makes that virtually impossible. The right approach is to acknowledge AI’s inherent risk, incorporate AI systems into the organization’s security governance structure, and utilize identity controls that are as evolved as these emerging technologies.
Managing identities has always been challenging. In this modern era, it is becoming mandatory. Organizations that stay ahead of these processes by inventorying, verifying, and adapting will be able to maintain both security and trust.