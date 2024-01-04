By Bob Eckel, CEO, Aware

In previous articles, we’ve highlighted identity and access management as a cybersecurity category that continues to show resilience despite challenging economic headwinds. The reason for this resilience is obvious: identity and access management in an age of security breaches, along with the need for frictionless customer experiences, is more important than ever.

According to the latest CrowdStrike report, the biggest trend the industry is seeing is a shift to identity-based attacks, where attackers use stolen identity information to access a target. Traditionally, identity credentials have been compromised via techniques like phishing and social engineering to gain access to passwords and other sensitive information, which has led to many organizations adopting more advanced techniques like biometrics to secure identities. However, as biometrics and other similar techniques increase in popularity, attackers have “upped their game” in response.

This inevitable evolution leads us to ask: What’s next for identity security in 2024? What are the top emerging growth categories and threats, and what kinds of companies will emerge as leaders in combating these threats? Here are some key insights as we enter Q1 of the new year.

Artificial Intelligence: In recent years, artificial intelligence (AI) has emerged as a game-changer in the identity security realm, transforming traditional usernames and passwords into more advanced authentication methods like biometrics. According to one recent survey, more than half of consumers would rather sign up for a new product or service using biometrics. Additionally, this easy verification makes them more likely to continue using the product or service. This is because biometrics can make for a frictionless, convenient-to-use and great user experience.

AI-powered algorithms can analyze and process biometric data points, and more recently, identify verification may include behavioral attributes. “Behavioral biometrics” measures and uniquely distinguishes patterns in the behavior of device users (for example, typing speed) and includes the habits and proclivities humans exhibit over time.

Another form of biometrics, voice or speaker recognition, relies on AI to recognize the unique biological makeup of individuals’ voices. While voice recognition has been around for several years, voice cloning is emerging as an offshoot of this technology - a new form of AI capable of accurately mimicking human speech, making it incredibly difficult to determine what’s real and what’s AI-generated. Voice cloning works by building a digital copy of someone’s voice, including unique speech patterns, accent, voice inflection, and even breathing, by training an algorithm with a speech sample. Once that model is created, plain text is all that’s needed to synthesize that person’s speech, capturing and mimicking the exact sound of an individual.

This particular AI-powered implementation has many advantageous applications. Perhaps the biggest potential for good belongs to the medical realm, helping individuals with speech disabilities. Today, AI can be used to create artificial voices for people who are unable to talk without assistance. Or, patients with throat cancer who may need to have their larynx removed can record their voice prior to surgery in order to create a cloned voice that sounds very close to their original voice.

However, voice cloning also comes with a potential downside, in that scammers are likely to try to take advantage of it. AI voice generators have been used to impersonate not just celebrities and people in authority, but also close friends and family, or other folks one may know. So-called “vishing” (voice phishing) attacks occur when cybercriminals impersonate people. Unfortunately, seniors are often targeted in these types of attacks, and - in some poignant cases - rushing to the bank to withdraw money or wiring money for a loved one who supposedly just called in desperation, only to find out it was an AI-generated scam. Therefore, as the voice cloning market grows, so will demand for vendors and specialists in liveness detection who can thwart such attacks.

Deepfakes: Also based on AI, deepfakes create incredibly convincing image and video hoaxes – essentially stitching anyone in the world into a video or photo in which they never actually participated. Face swapping is one common example.

Deepfakes are often discussed in a derogatory light, as the technology is frequently used in conjunction with criminal acts – but it has benefits as well. For example, the entertainment industry uses the technology to generate realistic visual effects, and the same tool can also support accessibility (such as enabling a person’s video to speak in different languages).

In spite of its many benevolent uses, deepfake technology remains a significant identity security threat. Deepfake fraud attempts have increased by 31 times in 2023, which creates significant opportunities for not only specialists in liveness detection, but also multifactor authentication vendors and others pioneering sophisticated deepfake detection tools. One example is Intel, which recently rolled out a real-time deepfake detector able to determine whether a video’s subject is real by determining if there’s blood flow in the face.

Physical Access Control: As its name suggests, physical access control is the process of securing who can enter a facility or controlled area. These systems keep unauthorized people out of sensitive areas, and while this is not a new area, it is becoming more important and sought-after as workers return to the office.

In fact, you have likely encountered physical access control if you’ve used a key fob or keycard to access a building or room. Traditional electronic systems that provision entry and exit by means of a preauthorized physical method at access control points come with one key flaw: these methods (key fobs and keycards) are not bound to an individual. All it takes is for a key fob or keycard to be lost, and an entire system could be compromised.

This is creating huge opportunities for security integrators to develop and implement systems capable of ensuring that only the authorized person – and no one else – is truly the one attempting to gain physical access to a certain building or room. This opportunity is especially exciting because in most cases, integrators won’t have to add new infrastructure or replace any of what already exists in their customers’ facilities; they can leverage the equipment customers already have along with the BYOD trend and biometrics. Since biometrics capabilities are now available as cloud-based services, security integrators of all sizes can roll them out to customers seamlessly and cost-effectively.

As we look ahead to 2024, we expect increased activity in the areas of AI, deepfakes, and physical access control, creating tremendous growth opportunities for companies working in these categories - either supporting their beneficial uses or working to minimize their corresponding threats. Investors should watch these segments closely in the new year.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.