40% of companies expect an increase in AI-driven digital identity attacks

Despite being an essential tool for leveraging verification solutions, Artificial Intelligence continues to raise questions. Companies fear that cybercriminals will exploit its capabilities to intensify attacks, and providers are striving to protect and educate.

T

oday, 97% of companies are still experiencing challenges with their identity verification systems (Ping Identity¹) and, as stated in the headline, up to 40% expect AI-powered attacks to increase over the next year. 

Despite the widespread interest in dedicating more investments to protection, most organisations are still not utilising all available resources to combat the consequences of phishing or account takeover.  

What we mean by AI-driven attacks 

Digital identity attacks that leverage AI to maximise their effectiveness encompass various types. They exploit the ability of artificial intelligence to process and analyse large amounts of data quickly, creating more sophisticated and harder-to-detect tactics compared to traditional methods. 

• Automated Phishing. AI can generate emails, messages, and fake websites that resemble legitimate ones, deceiving victims into revealing their login credentials. 

• Deepfakes. Using AI, fake videos and audio recordings of people can be created, making them appear real. This can be used to deceive victims or impersonate someone. Services like TrustCloud VideoID’s meticulous deepfake detection, which combines biometric analysis, AI pattern detection, and document verification, strengthen onboarding processes across any sector. 

• AI identity theft. AI can analyse large amounts of personal data from various sources to build detailed profiles, which are then used to impersonate identities and commit fraud. 

• Social engineering attacks. This group, which encompasses various strategies, finds an ally in AI for constant updates. Artificial intelligence can personalise and enhance social engineering, creating highly convincing messages based on the information collected about the victim. 

• AI-Assisted brute force. AI algorithms can improve brute force attacks. They predict password patterns and expedite unauthorised access to accounts. 

• Spear phishing. In this type of phishing, the attacker sends fraudulent messages to specific individuals, aiming to deceive them into revealing confidential information or taking actions that compromise their information security. Unlike general phishing, which is sent to a large number of people in the hope of deceiving a few, spear phishing is personalised and tailored to the victim, making it harder to detect and more effective. Using AI, attackers can refine the technique, creating highly personalised phishing messages based on information gathered from online profiles and other sources. 

Decentralised identities: more security and more power for the customer 

According to the study we referenced, only 50% of companies use advanced defence methods (biometrics, MFA, etc.), although nearly 60% recognise that adopting approaches such as decentralised identity (DCI) would be beneficial for their business.  

Decentralised identity allows customers to maintain and selectively share their own personal data, helping to address threats and fraud. Its features enhance the customer experience, reduce operational costs, and assist in complying with privacy and data protection regulations. 

Decentralised identity is seen not only as a tactical improvement in security (such as the effective elimination of passwords) but also as a key strategy for the digital transformation of businesses. So why have only 38% planned methodologies based on DCI? This disconnect may be due to several factors. 

• A lack of deep understanding of how to integrate these technologies into existing systems without causing significant disruptions. Additionally, concerns about initial costs and the complexity of implementation may be holding some companies back. This can occur when relying on a provider that does not allow flexible adoption of technologies (Vendor Lock-in). 

• Secondly, although the advantages of decentralised identity are clear, many organisations may be waiting to see more proven success cases before fully committing. Resistance to change and fear of the unknown can be significant barriers. 

• Companies should invest in specific training and education for their staff, as well as collaborations with experts in decentralised identity technology, which could raise doubts among decision-makers. Efforts in this area will not only facilitate a better understanding of how to implement these solutions but also help mitigate the risks associated with adopting new tools. 

Rely on the best providers to develop technological projects in critical sectors 

Banks, public administrations, or health and telemedicine companies must rely on technological projects that provide solidity, trust, and the necessary flexibility to achieve the best results. Concerns are legitimate but must be counterbalanced with the recognition of the positive advances that AI can bring in terms of authentication and data protection. 

Contact the TrustCloud team now and avoid financial losses due to AI attacks 

¹Fighting the next major digital threat: AI and identity fraud protection take priority | Ping Identity. 2024