Download NIS2 Checklist
Feeling lost about where to start when it comes to the NIS2 Directive? That is why we decided to equip you with actionable steps on how to kick off your compliance journey and reach full compliance with ASEE.
At this year’s Money Motion conference, industry experts gathered to discuss one of the most pressing challenges of our time—identity theft in the AI era. The panel Identity Theft in the AI Era: The New Rules of the Game brought together cybersecurity leaders to explore how artificial intelligence is reshaping digital fraud and what businesses can do to stay ahead.
In today’s digital world, it’s fascinating how effortlessly we open new accounts on social networks, share personal details, shop online in seconds, and transfer money with a single click. Yet, despite the ever-growing concerns over the safety of our finances, we continue to trust these platforms with our personal data. One of the greatest threats in this era is social engineering — a tactic so effective that it only takes minutes for a person to fall victim to identity theft.
While discussions around AI are ubiquitous, the reality is that artificial intelligence is accelerating the theft of identities in the online world. AI-driven scams have reached a point where they can clone your voice, create deepfake versions of your face, and even trick your bank into authorizing large transactions to offshore accounts.
The methods we have relied on for years — passwords and basic security measures — are no longer sufficient. Passwords, often reused across various platforms, have become one of the easiest ways for hackers to gain access to our accounts. With scammers exploiting this, many people unknowingly fuel the very system designed to compromise their security.
Multi-factor authentication (MFA) was presented as a secure method to protect digital identities. However, AI technologies have shown that even MFA can be compromised. As users share personal data freely, they unintentionally open the door to sophisticated cybercriminal techniques. We must acknowledge that in the digital age, traditional security practices are no longer enough. To truly safeguard our identities, we need to evolve.
The future of digital security is passwordless. One of the most secure methods available today is passkeys, specifically FIDO2 technology. Unlike passwords, passkeys are immune to theft because cybercriminals can't "take" something you don’t have.
In the coming years, we will likely see a mix of security mechanisms, such as combining MFA with behavioral analysis. This approach can detect deviations from a user's typical behavior, prompting additional verification if something suspicious is detected. By combining established methods with real-time user behavior, we add another layer of protection that is more adaptive to evolving threats.
As more companies and individuals move toward passkey technology, we are stepping into a new era of cybersecurity — one where identity theft is harder to accomplish and where privacy is better protected. The main issue will always be user experience. You cannot have great security and frictionless user experience, but new generations and more sophisticated attack behavior and biometric authentication will definitely help in this friction. We have to think as it is a continuous process, and we have to constantly store it in depth.
However, we haven't yet seen a real AI attack. Usually, an AI attack is a combination of whole organizations that are using AI to gather data and target users. Organizing an AI attack is a costly business. You have to have infrastructure, people, tools, and resources at your disposal to monitor the attack against another organization.
As AI helps cybercriminals, it also helps cybersecurity experts to find anomalies in the systems and alert us that something is wrong. It is still not the best tool against AI attacks, but it is the tool that can help. After that, we still need our human touch and expertise to cover these anomalies and vulnerabilities.
Just as AI has empowered cybercriminals to steal identities, it holds the potential to be a powerful tool in defense against them. Enhanced cyber hygiene and robust cybersecurity practices will be critical in the fight against these advanced threats. While no method will guarantee 100% security — much like the systems we use today — adopting AI-driven defense mechanisms will significantly improve our ability to detect and mitigate attacks.
Ultimately, user awareness and education will play a pivotal role in protecting our digital identities. The challenge lies in educating those who may not be well-versed in IT security, which is why user experience must evolve to be more intuitive and self-explanatory. When the security process is seamless and easy to understand, users are more likely to take it seriously. Education will not be mandatory only for the end-users but also for the entire organization and employees to understand what kind of attacks can happen, what they can steal, and how to protect all systems against it.
As we conclude, it becomes clear that protecting our identity is a shared responsibility. Banks and fintech companies must implement the most advanced security mechanisms, cybersecurity experts must develop the strongest defense algorithms, and users must educate themselves on how to protect their personal data.
Companies are still not aware of great and continuous cybersecurity hygiene to protect their system. Here is where regulation will help all of us, especially companies, to monitor their system. NIS2, which will be implemented and mandatory for most companies, will cover cybersecurity hygiene at least on a high level. The measures that companies will be required to comply with under NIS2 will greatly help protect not only the user's digital identity but also all critical systems that store sensitive data.
In this ongoing cat-and-mouse game, the only way to stay ahead is by taking ownership of our digital identities. Only by being vigilant and informed can we begin to truly safeguard ourselves against the ever-growing threats in this AI-driven age.
Feeling lost about where to start when it comes to the NIS2 Directive? That is why we decided to equip you with actionable steps on how to kick off your compliance journey and reach full compliance with ASEE.
