Biometric security is often viewed as superior to passwords when it comes to protecting sensitive systems or data.
The interface between physical and software security, verified by unique personal identifiers like iris scans, fingerprint scans, or voice verification, seemed to render biometrics invulnerable to the types of attacks that systems of either variety were susceptible to independently.
Earlier this year, an Arizona mother received a late-night ransom call with her 15-year-old daughter pleading in distress on the other line.
It was an AI-generated clone of her daughter's voice print, built from snippets of audio and used to create a fake recording with enough fidelity that even the child's mother could not tell the difference.
We saw a remarkable surge in the frequency and quality of deepfakes last year.
The increasing availability of biometric data makes these types of scams relatively easy to execute.
Threat actors can mine IoT-connected devices like video databases for iris, fingerprint, and facial recognition data - think of a typical office environment where a person might pass a high-resolution camera multiple times a day for several months.
As the technology evolves rapidly, attackers can now insert the deepfake right into the video feed, avoiding some of the liveness checks that biometric systems offer.
For this reason, securing video surveillance systems and the data they generate will be crucial in the upcoming year.
IoT devices are among the largest unsecured attack surfaces for most modern organizations.
As cybercriminals become increasingly clever and sophisticated, lax IoT security poses a greater risk than ever before.
These issues, combined with advances in artificial intelligence and quantum computing, have the potential to break biometrics.
Organizations must make strong, proactive investments in improving their security posture to stay ahead of the evolving threat landscape.
As attackers use AI to find and exploit vulnerabilities, IT and security teams should leverage AI at every level of defense to act as a force multiplier, aggregating and prioritizing data, identifying likely attack paths, revealing lateral access, highlighting back doors, and compiling potential remediation actions.
The cloud era ushered in the decline of the traditional security perimeter, and the shift to remote work amid the Covid-19 pandemic delivered its last rites.
Zero trust should be the default position for all organizations, meaning that each user is continually verified based not only on their credentials but also on the data they're accessing.
A sophisticated zero trust capacity can identify and confront unauthorized access faster than any traditional security protocol.
Regardless of the method of attack, zero trust enables organizations to regulate network access to a granular degree in real time, limiting the risk of any unauthorized access.
While the end of biometric security has deep implications for organizations across industry and government, there are concrete actions leaders can take to protect against the threats that will emerge in the gap.
By expanding the use of AI in cyber defense, along with investing in tools to achieve a comprehensive zero trust network state, organizations can defend against these threats and evolve with them in the era of AI and quantum computing.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Sun, 10 Mar 2024 22:13:06 +0000