AI and the Future of Identity Protection

The Sticky Note.png
Disaster Recovery Plan.png
It’s Magic
Holiday Photos.png
Data Fallout.png

Future of Identity Protection

There’s a lot of alarm over who stands to lose their job to automation and artificial intelligence. From fast food workers to toll booth operators, no doubt there’ll be some losses in the coming decades. But when it comes to identity protection and AI, the question shouldn’t be, “Who’s going to lose their job to artificial intelligence?” The real question should be, “Who should lose their job to artificial intelligence?

If AI could prevent identity theft better than certain cybersecurity specialists, it stands to reason those specialists should lose their jobs to AI. It’s impossible for AI to be “stupid” or to abdicate duties that are part of its algorithm.

Witness the words from chairman of the House energy and commerce committee, Greg Walden: “I don’t think we can pass a law that fixes stupid.” He is of course referring to the Equifax data breach, a giant loss of consumer identity data at the hands of unseen thieves. Equifax’s former CEO Richard Smith resigned after the company revealed the breach to the public. He blames the breach on “human error and technology errors.” What if human error wasn’t an option when it comes to protecting identity data? To the extent that it’s programmed correctly, artificial intelligence promises to do away with human error.

To our detriment, consumers have very few ways of protecting our identity information. The average case of identity theft results in a loss of $1,500 for the consumer. When it comes to protecting social security numbers, Consumer Protect, an activist network, recommends “Always keeping your social security number (SSN) secure. Do not keep your card in your wallet or write the number down on checks. You should only give someone this number when it is truly necessary.” But what if someone (such as Equifax) has this number without your permission?

Although the Government can’t draft a bill legislating the end of stupidity, it can pay attention to one of Mr. Smith’s recommendations. Smith thinks we should stop using social security numbers to verify identity.

It is time to have identity verification procedures that match the technological age in which we live,” Smith said.

For example, a company like Apple knows facial recognition AI is now advanced enough to place it at the heart of the new iPhone X. Apple’s Face ID learns from its mistakes, adjusting its algorithm based on continuing iterations of a user’s facial features. If you keep looking at your phone, it keeps updating its knowledge of your face. Your facial data are encrypted on the device, instead of being stored in a centralized location where hackers can access them. Apple says the chances a random person could access an iPhone X by looking at it are one in a million.

If a person’s face is directly linked to their social security account and credit card accounts, and the facial data isn’t stored on a network that hackers can crack, hackers are going to have a much harder time stealing identities.

But Mr. Smith isn’t offering an entire picture of what a company like Equifax could and should do with AI, and he’s not really addressing Mr. Walden’s assertion that Equifax was simply being stupid by leaving the gate open to hackers.

Equifax’s IT personnel chose not to update Java web applications that were vulnerable because of a fault in Apache Struts, which is an open-source Java app framework. In turn, this left Equifax’s data vulnerable because outsiders could write in malicious code. Blue Matador’s Philip Volmar points out, “What companies like Equifax want is security, uptime, and automated remediation. Instead, monitoring tools give them data, query tools, and reporting.

In other words, Equifax’s monitoring tools didn’t tell them the breaches were happening because they’re using an outdated, limited software stack. Moreover, with awareness of the Apache Struts weakness (which they did have because Apache immediately notified everyone using the framework when the weakness surfaced), they could have used automated remediation to seek out all instances in which the network runs Java web apps using the Apache framework. Then, they could have used Apache’s readily available solution to fix the problem.

In the future, expect AI to do what Equifax’s cybersecurity staff didn’t do: seek out flaws in apps and apply necessary patches, because this type of work doesn’t require critical or subjective thinking. Credit card companies, such as Mastercard, are already using Design Intelligence, an AI program, to identify fraudulent transactions and false declines. It’s not a long-shot to expect a company like Equifax to to use AI for its security purposes too.

By Daniel Matthews

Scott Leatherman

Speeding up Digital Transformation During the Pandemic – 7 Steps to Unlocking the Benefits of Cloud

7 Steps to Unlocking the Benefits of Cloud The pressure for IT leaders to support more workloads and remote staff with limited resources is as contagious as the pandemic. The most powerful tool in their ...
Gary Taylor

6 Organizational Challenges for Cloud Services

Cloud Service Challenges Organizations have rapidly come to the realization that digital cloud services make a compelling business case for helping them navigate this difficult pandemic year. The market for cloud services is expected to ...
New York

From Y2K To NYC Parking Meters: Have We Learned Anything About Complacency In Cybersecurity?

Cybersecurity Complacency This past January – in what seems like a different world now – a story briefly hit the headlines and was seen as more of a quirk than a threat. It was soon ...
Marcus Schmidt

What IT Leaders Should Know About Microsoft’s Operator Connect

Microsoft’s Operator Connect Earlier this year, Microsoft announced a new calling service for Microsoft Teams (Teams) users called Operator Connect. IT leaders justifiably want to know how Operator Connect is different from Microsoft’s existing PSTN ...
Kelly Dyer

Healthcare Data Security: Why It Matters

Healthcare Data Security Today, electronic healthcare data exists at every point along a patient’s journey. So frequently is it being processed, accessed, and shared between multiple providers, that we’d be forgiven for forgetting the highly ...

TECH ELEARNING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.