Technology is value-neutral. While often conceived as a driver of purposeful human action, it poses unparalleled dangers when in the wrong hands. Beyond AI narratives emphasizing robot armies taking over or machine learning revolutionizing entire industries, there’s a story often untold: the story of hackers silently pretending to be you.
Technological development has commoditized real time data analytics at scale, changing the name of the game across industries. Security is no exception. Armed with user data and affordable computational power, both security departments and hackers have evolved to a more agile state.
Users are the weakest link
As organizations became more effective in detecting traditional threats and malware, shifting fraudsters’ focus to perform “man-in-the-app” attacks and credential theft. Following the money trail, cybercriminals are increasing the sophistication of social engineering attacks, making account takeover fraud an 8B problem.
A multiplicative system is only as strong as its weakest link. No matter how secure computer systems are to external attacks if users are voluntarily giving away their login credentials by walking into increasingly sophisticated traps all over the Internet.
In the realm of agile enemies and slow regulations, only adaptive security solutions can secure users at scale. Authentication methods that take into account what we do, rather than merely what we know, will soon be widespread. Then the question becomes: can fraudsters use AI to mimic user behavior such that it goes unnoticed by security departments’ AI systems?
The catalogue of ships
Let’s dig a bit deeper to understand the opposing sides of the battle. On the one hand, AI-armed cyber-attackers have:
- a larger attack surface (from the growing number of devices)
- legitimate login credentials often straight from the user
- physical insiders at organizations
And on the cyber-defense side there is:
- lots of historical user data
- user-level behavior biometrics
- ability to learn from previous attacks at other organizations
Data is the deciding factor
While the strategic agenda of the attackers have shifted, changing the scale of the operation and the coordination of the attacks, organizations still have the biggest benefit: user data. Understanding and detecting patterns in user behavior to such degree that no illegitimate entity can pose as the user could turn the tide of the ongoing battle against cybercrime.
While organizations like OpenAI will hopefully ensure that no single organization alone will benefit from developing superintelligence, the emphasis will shift from having good algorithms to having proprietary data. I make a more elaborate case on that here.
Learn more about our adaptive authentication solution!