InfoSec Insider

Deepfakes and AI: Fighting Cybersecurity Fire with Fire

To successfully mitigate evolving attacks, security teams must use the exact same AI tools that create those attacks in the first place.

Today, the most successful and damaging cyberattacks are executed by highly professional criminal networks rather than “lone-wolf” hackers. These criminal organizations have also become highly adept at leveraging artificial intelligence (AI) and machine learning (ML) tools, making it extremely hard for IT security organizations to keep up — much less stay ahead of these threats.

Cybercriminals are using AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. A perfect example of these types of threats are deepfakes – they are realistic, hard to detect and surprisingly easy-to-create facsimiles of real people. Deepfakes have been rightly denounced for the personal harm they inflict through celebrity pornographic videos, the spread of fake news, conspiracy theories, hoaxes and financial fraud.

Going forward, it is likely that deepfake-related security issues and fake news will impact the U.S. election. In fact, researchers at New York University recently found that deepfakes will likely contribute to the amount of disinformation associated with political campaigns. The possibilities of deepfakes are endless, and the threat is real.

As a result, security leaders need to be strategic and impactful, and leverage technology that can protect against these types of new threats.

Time to Start Fighting Fire with Fire

A new approach is necessary to successfully mitigate evolving attacks — even if that means using the exact same tools that create those attacks to fight against them. Tech companies are trying to stay ahead of the game by creating AI technologies that fight against AI attacks, including deepfakes. Google, for example, last year released thousands of deepfake videos to help researchers build tools to spot and combat them.

Traditional security approaches that focus on securing static desktop endpoints are no match for today’s dynamic and sophisticated cyberthreats. And it’s no longer enough to rely on manual security updates and OS patches to protect corporate data on mobile endpoints, either.

Never Trust, Always Verify

Evolving cybersecurity threats also mean that enterprises must completely rethink their security approach to protect devices, apps, data and cloud services in a perimeter-less world where nothing and no one can be automatically trusted — a concept also known as zero trust.

IT professionals must ensure that anyone or anything that tries to access company data is fully verified before gaining access. Below are the four key pillars of zero trust:

  1. Verify every user. Take the time to confirm that each individual user is who they say they are. Through employing various authentication methods – stronger than a simple password – organizations can ensure that the right people are accessing enterprise resources.
  1. Validate every device. Using AI and ML, organizations can instantly determine if a device is compromised, rooted or jailbroken. Just as AI and ML are used to create deepfakes, they do have their perks and can be used to monitor whether a device has been impacted. This ensures that only secure and compliant devices can access business apps, data and cloud services.
  1. Limit access and privilege. Organizations need to analyze a comprehensive set of attributes to verify compliance before granting access. This requires the ability to validate the device, establish user context, check app authorization, verify the network, and detect and remediate threats before granting secure access to a device or user. It sounds like a complex and time-consuming task, but tools that leverage AI and ML can go a long way to making sure user productivity is never impacted.
  1. Learn and adapt. AI and ML are valuable tools that organizations can use to analyze all kinds of security parameters, including user location, devices, IP addresses, number of logins and more. This allows these tools to determine a baseline of normal behavior and instantly alert IT when unusual account activity is detected. Depending on the level of risk present, a notification can be sent to the user or the device can be completely quarantined until the threat is remediated.

Overall, the more we can automate and use intelligence to accomplish verification processes, the better. This approach relies less on humans (who, let’s face it, make lots of mistakes) and more on innovative best practices and tools that can be implemented far faster and more successfully than any static corporate policy. While no tool can completely eliminate the risk of new attack vectors like deepfakes, approaches like zero trust are giving organizations far greater control to keep their companies safe from their impact.

Brian Foster is senior vice president of product management at MobileIron.

Please check out all of our Infosec Insider columns, available by clicking here.

Worried about your cloud security in the work-from-home era? On April 23 at 2 p.m. ET, join DivvyCloud and Threatpost for a FREE webinar, A Practical Guide to Securing the Cloud in the Face of Crisis. Get exclusive research insights and critical, advanced takeaways on how to avoid cloud disruption and chaos in the face of COVID-19 – and during all times of crisis. Please register here for this sponsored webinar.



Suggested articles