How are companies going to protect their own applications? Source: Shutterstock

How are companies going to protect their own applications? Source: Shutterstock

Is AI what MFA needs in order to provide the best security experience?

PEOPLE don’t know how to secure themselves in the digital world, and the little training offered in the average SME organization rarely force employees to think about IT security best practices at length.

It’s what makes employees the biggest threat to the company’s IT networks, almost denting their best efforts to secure the organization from cyber threats.

In most cases, implementing solutions like multi-factor authentication (MFA) provide a viable solution but that makes overall digital transformation more difficult as employees resist new applications that are difficult to access.

Essentially, that presents IT professionals with a unique question: How can we make cybersecurity invisible?

Well, the answer lies in using artificial intelligence (AI) and machine learning (ML) to power behavior-driven MFA solutions for enterprise-grade applications, both critical and non-critical.

Simply embedding MFA in applications is bound to make things secure, and turbocharging it with AI and ML will help offer a smart interface to users and ensure they’red only asked for additional authentication when applications are accessed in environments or under circumstances that aren’t deemed normal.

“AI-driven behavioral biometrics will become the main identity authentication/verification element in two-factor or multifactor authentication,” said Frost & Sullivan Industry Analyst Ram Ravi.

“In the near term, businesses will increasingly use AI to aid decision-making as well as for greater behavioral pattern analysis of anomalies.

“In the longer term, blockchain will be used with biometrics for identity management across applications, and neurolinguistic programming (NLP) will become mainstream as financial institutions use voice processing to offer services and assistance.”

As an intelligence firm, Frost & Sullivan foresees that the integration of AI in biometric systems will play an important role in enhancing the performance of various modalities.

As a major enabler of behavioral biometrics, the company’s analysts expect AI to find significant application in identification and authentication.

A glimpse into the future state of invisible security

For the purposes of multi-factor authentication, biometrics can be categorized into two categories.

First, you could have a physical biometric attribute attached to your credentials that can serve as the second layer/factor for authentication of your user profile. But this one doesn’t really use any AI or ML, and is, therefore, less secure.

The second is to continuously run behavioral biometrics in the background (powered by AI and ML) to check if you’re scrolling, moving the mouse’s pointer, and typing in the way you usually do. If you’re not, you should ideally be “kicked out” of the system.

And this behavioral biometric can be tested each time you’re about to do “something important” within the system – turning this into a continuous authentication feature that transforms both security and user experience at the same time.

So, say you log into your organization’s customer data repository (CRM system) and then leave in a rush and in a split second, someone hypothetically takes your seat – AI-based continuous behavioral biometric security is what will prevent that “threat” from downloading data onto a pen-drive from the account.

Frost & Sullivan’s observations are in line with what other experts have hypothesized over time — but what’s exciting is that the analysts believe such systems are here and ready to be deployed. Large enterprises and SMEs must look into these when evaluating ways to implement organization-wide security solutions.