Jenn Markey, Advisor for Entrust Cybersecurity Institute, this byline explores the evolving cybersecurity threats and the essential role of Zero Trust strategies integrated with AI technologies in combating these challenges.
Gone are the days when technology and cybersecurity concerns were solely delegated to the IT department. With artificial intelligence (AI), post-quantum (PQ), and an ever-intensifying threat landscape, senior leadership teams and boards have a duty of care to make the right investments and provide the strategic guidance and oversight to help keep the organization, employees, customers, and other key stakeholders safe.
Last year, UAE authorities revealed that the country had prevented more than 71 million cyberattacks in the first three quarters. This underscores the urgency for organizations to fortify their cybersecurity posture, especially with artificial intelligence (AI) driving the number and believability of deep fakes, which increased by 450% between 2022 and 2023 in the Middle East. Facing this intensifying threat landscape, governments and enterprises around the world are scrambling to implement Zero Trust strategies to improve their cyber risk posture and resilience.
This strategic approach, emphasizing constant vigilance and comprehensive visibility, has become important not only for safeguarding sensitive data but also for ensuring organizational resilience against evolving threats. By integrating Zero Trust principles with advanced AI technologies, countries like the UAE are not only strengthening their cybersecurity defenses but also positioning themselves as global leaders in the fight against cyber threats. And if that is not enough incentive, the UAE Government is continuing efforts to hasten breach disclosures and implement laws to hold individuals liable for security and data privacy incidents.
While previous Zero Trust journeys may have sputtered due to the limits of existing technology, AI is a game changer. On the surface, Zero Trust and AI may appear to be polar concepts with the former framed by the strict “never trust, always verify” principle, while the latter is characterized by both the promise and fear of the great unknown. However, much like opposites attract Zero Trust and AI are natural partners.
Zero Trust demands constant vigilance and that’s where AI’s ability to discover, classify, and process large volumes of distributed data comes in. AI can literally speed up the detection of and response to cyberattacks. However, bad actors may to try to poison or otherwise manipulate the training data to blunt the effectiveness of such AI systems. So, Zero Trust and AI are somewhat akin to the “which came first, the chicken or the egg” metaphor. AI-enhanced visibility and decision making can increase Zero Trust effectiveness, but Zero Trust is needed to protect the integrity of the data being used to train the AI model.
The UAE Cybersecurity Council foreshadowed this emerging relationship between Zero Trust and AI with a significant focus on the modernization of the Identity and Devices domains to improve not only an organization’s cyber risk posture, but also enhance government’s posture as well. Some specific examples include:
- Identity Verification – UAE Pass, the UAE’s first national digital identity and signature solution that enables users to identify themselves to government service providers in all emirates through a smartphone-based authentication protocol and to sign documents digitally with a high level of security. The UAE Pass app uses biometric facial recognition software to verify and register users without requiring an in-person visit to a government services center. Establishing and maintaining trusted identity is a critical component of any Zero Trust strategy, yet this is becoming harder and harder with AI generated fakes. This is where AI-powered biometric identity verificationcan help level the playing field to identify deep fakes in real time.
- Adaptive Authentication– Emirates Facial Recognition, an initiative launched by the UAE Ministry of Interior and Federal Authority for Identity, Citizenship, Customs & Port Security, together with private sector partners. The facial recognition initiative includes a “face fingerprint” system for digital verification of digital transactions and remote identities. Such AI-enabled authentication limits privilege access enhancing security measures and analyzing usage patterns for continuous improvement.
Zero Trust is not a product to buy or a box to check. It is a strategic approach to improve cyber resilience that can also serve to increase organization agility, reduce cost of compliance, decrease IT complexity and total cost of ownership. As a leader in AI adoption, the UAE demonstrates how AI-powered biometric identity verification, and adaptive authentication, can fortify defenses against the escalating threats of cyberattacks and deep fakes. By leveraging AI to enhance visibility and decision-making, while ensuring the integrity of AI training data by adopting a Zero Trust strategy, the UAE is pioneering a resilient and secure digital future.
So, there you have it, Zero Trust and AI are inextricably linked for organizational success and safety. With strict access controls, comprehensive visibility, and continual monitoring, Zero Trust lets organizations take advantage of the power of AI, while also helping to neutralize AI risks.