Five ways CISOs are using AI to protect their employees’ digital devices and identities

Using generative AI to automate scripts seeking unprotected endpoints, ports and infrastructure security gaps, cybercrime gangs offer bounties for targeted organizations’ employee digital device passwords and identities. As many recent attacks show, putting any trust in identities is a breach waiting to happen.

Notably, digital and physical crime in healthcare has long been converging and growing into a pandemic. Healthcare providers warn their employees not to leave their laptops in their cars unattended. The Coplin Health incident in which 43,000 records containing personal health information (PHI) were compromised after an employee’s laptop was stolen from their car is still a concern boards mention regarding identity security. A stolen laptop with unencrypted PHI data can often lead to a $1 million settlement based on HIPAA violations alone.

Attacks on employees’ digital devices and identities are soaring

Healthcare CISOs tell VentureBeat that attempts to steal employees’ digital devices are soaring because PHI records command the highest prices on the dark web and are untraceable. The U.S. Department of Health and Human Services (HHS) Breach Portal shows that in the last eighteen months alone, 799 healthcare providers have been breached, 551 of them experiencing a server-based attack and 173 email-based in which laptops were used to gain access.

CrowdStrike’s cofounder and CEO George Kurtz said in his keynote at last year’s Fal.Con that “80% of the attacks or the compromises that we see use some form of identity and credential theft.”

The Identity Defined Security Alliance (IDSA)’s 2023 Trends in Securing Digital Identities report found that 90% of organizations experienced at least one identity-related breach in the past year, representing a 7.1% increase year-over-year.

Getting ready for automated attacks that weaponize AI at scale

Deepfake attacks are so pervasive that the Department of Homeland Security provides the guide Increasing Threats of Deepfake Identities, which outlines how to counter them. VentureBeat has learned of several attempted deepfake attacks on leading enterprise software CEOs that follow the same attack pattern in which Zscaler CEO Jay Chaudhyr’s voice was used to extort funds from the company’s India-based operations.

Chaudhry, Kurtz and CEOs of top cybersecurity companies agree that stolen identities and privileged access credentials are customers’ biggest threats. The Finnish Transport and Communications Agency National Cyber Security Centre and WithSecure commissioned a study to predict AI-enabled cyberattacks, as shown below.

How CISOs are using AI to protect employees’ identities

Security teams and the CISOs leading them can’t afford to lose the AI war. The following five AI and machine learning (ML) techniques have become table stakes for stopping identity-based attacks:

Getting a more precise count, location and telemetry of all endpoints, machines and associated identities

Cybersecurity and IT teams often can’t locate 35% to 40% of their endpoints and machines. With the proliferation of new identities assigned to endpoints and the resulting unchecked agent sprawl, attackers’ reconnaissance efforts quickly find over configured endpoints.

Endpoint sprawl makes identity breaches harder to stop. Six in 10 (59%) endpoints have at least one identity and access management (IAM) agent, and 11% have two or more. These and other findings from Absolute Software’s 2023 Resilience Index illustrate the false sense of security organizations have in security tools.

The Index found that many endpoint controls aren’t installed correctly, leaving 25 to 30% of devices vulnerable to attack. Treating every identity as a new security perimeter, enforcing least privileged access, monitoring every transaction and going all in on zero trust for every endpoint must be a priority.

Moving beyond mobile device VPNs and standardizing AI-enabled Mobile Threat Defense (MTD)

In a recent interview with VentureBeat, Ivanti chief product officer Srinivas Mukkamala noted that, “increasingly, our cell phones contain our whole lives. At the heart of modern device management organizations [protecting] data everywhere work happens, especially work that is happening on personal devices.”

Mukkamala’s comments reflect what VentureBeat hears from CISOs in healthcare, manufacturing and financial services, in which mobile devices are frequently an attack target.

Mukkamala advised that “there is a continued need to more easily control what information apps have access to and avoid granting inappropriate or excessive permissions, which puts individuals and organizations at risk. IT and security teams are increasingly turning to automation and AI to ease the manual and mundane parts of device management and importantly, to create a moat around the personal data and work data accessible through our phones.”

Improving risk scoring accuracy and precision to more quickly identify identity threats

CISOs and their teams tell VentureBeat they’ve offered to help test the latest generation of AI and ML-based risk-scoring models their providers are readying for launch. Leading cybersecurity providers have already released improved risk scoring to identify and thwart identity-based attacks.

AI is proving effective in analyzing large volumes of identity and access data in real time to detect subtle patterns and anomalies that indicate compromised credentials or insider threats. Adopting a real-time telemetry approach reduces false positives.

Detecting synthetic identity fraud and deepfakes

From reducing false positives and identifying synthetic fraud to spotting deepfakes, all AI-based identity platforms and solutions share the common attributes of relying on decades of data to train models and assigning trust scores by transaction.

For instance, Telesign’s model-based approach is noteworthy in its efficiency in getting the most value from various real-time telemetry data sources. Their model relies on more than 2,200 digital attributes and creates insights based on approximately 5 billion unique phone numbers, more than 15 years of historical data patterns and supporting analytics.

Phone number velocity, traffic patterns, fraud database consortiums and phone data attributes distinguish Telesign’s approach. Identity signals are scored for anomalies that may indicate a synthetic identity. The system “learns” from predictive analytics and supervised and unsupervised ML algorithms.

The company’s risk assessment model combines structured and unstructured ML to provide a risk assessment score in milliseconds, verifying whether a new account is legitimate.

Relying on resilient, self-healing endpoints

Enabling self-healing endpoints to regenerate themselves autonomously and detect and respond to potential threats are two ways AI drives greater endpoint resilience. AI also enables endpoints to quickly detect and respond to anomalies and advanced threats that rules-based systems miss.

CISOs tell VentureBeat that they use AI-based self-healing endpoints to reduce manual IT support time and cost, improve compliance and identify identity-based breach attempts where attackers try to gain access using stolen privileged credentials.

Leading self-healing endpoint providers include Absolute, Akamai, Ivanti, Malwarebytes, Microsoft, SentinelOne, Tanium and Trend Micro. Absolute’s Resilience platform is noteworthy as it provides real-time visibility and control of any device, whether on the network or not. Their platform is factory-embedded in firmware by 28 top device manufacturers, making it the world’s only firmware-embedded endpoint visibility and control platform. Absolute is firmware embedded in more than 600 million endpoints and the company serves 21,000 global customers.

AI is core to the future of identity security

As a recent CrowdStrike report illustrated, identities are under siege. Remote and hybrid workers are high-value targets because attackers also want to steal their identities.

By prioritizing AI for 360-degree endpoint monitoring, multi-layered mobile threat defense, real-time risk scoring, synthetic fraud detection and self-healing endpoints, organizations can protect employees’ identities and reduce the threat of a breach.

AI-based platforms and systems are proving effective in identifying anomalies and potential threats in real time, ultimately shutting down identity-based breaches and attempts to use synthetic identities and stolen access credentials.