AI Acts as Catalyst for Increased Unauthorized Access Accounts
In the ever-evolving digital landscape, the need for enhanced security measures has become paramount. One of the key recommendations from Gartner, a leading research and advisory company, is for users to migrate from traditional passwords to multi-device passkeys where appropriate. This shift is aimed at bolstering security and reducing vulnerabilities.
As cyber threats continue to evolve, education plays a crucial role in safeguarding digital assets. Manuel Acosta, senior director analyst at Gartner, emphasises the importance of educating employees about the evolving threat landscape, particularly regarding social engineering with deepfakes. AI agents are expected to automate steps such as deepfake-driven social engineering and credential compromise in the process of Account Takeovers (ATOs).
AI agents, the next major leap forward in the field of AI, are autonomous agents that make decisions and adapt to changing environments without human intervention. These agents are predicted to accelerate the process of ATOs by 50% within the next two years.
Malicious bots and infostealers have led to a surge in ATOs, which have become a major concern for corporate security teams and end customers. Gartner predicts that by 2028, 40% of social engineering attacks will target both executives and the broader workforce using deepfake audio and video. These attacks will primarily target organizations and individuals vulnerable to manipulation, exploiting trust to commit fraud or espionage. Specific groups most affected have not been distinctly identified in the available sources.
The rise of ATOs has outpaced ransomware as the top enterprise security concern. According to an Abnormal Security report last year, 83% of organisations experienced at least one incident over the previous 12 months. In response, organisations will need to adapt procedures and workflows to better resist attacks leveraging counterfeit reality techniques.
To combat these threats, Gartner recommends expediting the move towards passwordless, phishing-resistant multi-factor authentication (MFA). This shift towards more secure authentication methods is expected to become increasingly important as AI agents automate social engineering attacks.
Vendors are also likely to introduce new products to better detect and monitor AI agent interactions. As the digital landscape continues to evolve, staying informed and adapting to new security measures will be essential for maintaining the security of digital assets.
