Identities are a headache for the average IT team. Guaranteeing safe and expedient access to corporate systems requires careful monitoring of hundreds, if not thousands of staff profiles. Unsurprisingly, slip-ups are common. The 2024 National Cybersecurity breaches survey shows that 50% of businesses report having experienced some form of cyber security breach or attack in the last 12 months – 84% of which were caused by a phishing attack. While IT professionals agree that AI advancements will help strengthen identity security, many face adoption barriers due to the resources and initial investment required.
As such, British businesses must prioritize the careful management of software controlling who has access to servers, applications, devices, and other resources. Emerging cybersecurity threats are only likely to add more fuel to the fire. Gartner recently predicted that a growing number of cyberattacks using AI-generated deepfakes will lead to 30% of enterprises considering identity verification and authentication solutions unreliable in isolation by 2026.
Conversely, advancements in AI could also lead to tighter identity security for organisations. Despite this, many businesses face adoption barriers due to the resources and initial investment required. We therefore find ourselves in a precarious state of affairs: if organisations don’t take steps to secure the identities of their staff today, they could fall victim to a serious cyberattack. More than ever, leaders need to recognize the vulnerabilities created by poorly managed identity strategies.
Identity attack vectors
Unchecked privileges are one such vulnerability. Many organisations simply do not adequately secure privileged identities on their systems such as that of the administrator, application, or shared accounts. That leaves companies open to a criminal tactic as old as the hills: social engineering. By impersonating a senior manager, scammers can pressure those lower down the corporate food chain into illegally transferring hundreds of millions of dollars to anonymous, untraceable bank accounts.
Adopting a zero-trust posture toward identity security can mitigate this threat. But while the will to embrace this philosophy among CISOs is evident, many still rely on solutions like password vaults or single sign-on/multi-factor authentication to secure accounts – applications that no longer match the capabilities of your savvy neighbourhood hacker. However, despite the growing need for flexible and robust identity management solutions that can handle both legacy and cloud systems, a vast number of companies are yet to implement privileged access management (PAM) or cloud infrastructure entitlement management (CIEM) solutions.
The good news about identity security, however, is that there are increasing numbers of options available to organisations looking to reduce threats. AI is one. As phishing, credential theft, and insider threats become ever more sophisticated, cybersecurity vendors have begun to experiment with using machine intelligences to sift the chaff from the wheat in networks to identify anomalous user behaviours and, one would hope, stop breaches before they happen.
Indeed, by harnessing predictive analytics and continuous monitoring, it is possible to improve the accuracy of access controls, reduce human error, and help organisations respond quickly to security incidents.
Implementing AI in identity security requires a clear and structured approach. A roadmap for deployment, therefore, is essential. A clear plan helps organisations prepare for the integration of AI, ensuring that all necessary steps, from evaluating the current security landscape to implementing AI-driven tools, are taken systematically. It also makes sure that any investments the company makes in AI applications are aligned with its business goals, regulatory requirements, and future security needs.
A ‘zero trust’ approach to identity can also significantly ease security challenges by addressing blind spots in cloud infrastructures. Configuring tools to ensure that access to critical data is tightly managed and requires continuous verification is especially useful for firms managing cloud-based or SaaS IT resources outside their control.
Education and empowerment
Identity security is not just a growing challenge—it is an existential threat to enterprises navigating hybrid and cloud infrastructures. The rise of AI presents an opportunity for organisations to evolve beyond their current, often reactive security postures and proactively defend against sophisticated identity-related attacks.
However, fully unlocking AI’s potential requires more than just tools; it demands a strategic, informed approach that integrates the technology into the core of identity management processes. Leaders must spearhead this transformation by fostering a culture that not only embraces AI but also aligns its application with broader business and security goals. This requires a long-term roadmap, continuous learning, and practical AI experimentation. By utilizing AI for predictive analytics, real-time anomaly detection, and Zero Trust frameworks, organisations can drastically reduce their attack surface while continuously adapting to new risks.
Organisations must ultimately understand that their approach to AI should revolve around striking a balance: although timely technological innovation is necessary, it is equally critical to address the issues that we are facing at the moment. A futuristic strategy won’t be sufficient on its own; in order to keep up with changing dangers and safeguard their most precious possessions – their identities – proactiveness is just as crucial.
Kumaravel Ramakrishnan is a technology director at ManageEngine.
Read more: Here’s how to actually adapt large language models to your business needs
