Fighting digital threats starts with knowing who’s there

By Jon Schlegel, Chief Security Officer of CLEAR

The warning the State Department sent to U.S. diplomats around the globe in July read like something from a science-fiction future that has arrived faster than anyone anticipated: An unidentified individual was using artificial intelligence-powered software to mimic Secretary of State Marco Rubio in voice and text messages to top officials.

The impostor appeared to be attempting to manipulate foreign ministers, a U.S. governor, and a lawmaker, to gain access to sensitive information or accounts, the department warned. Thankfully, the effort failed. But engineering firm Arup was not as fortunate when it was subjected to a similar attack last year: An employee, fooled by an AI-generated video call, wired $25 million to fraudsters posing as the company’s CFO. In that case, the attackers didn’t break in – they were let in, because the system couldn’t distinguish real from fake.

These cautionary tales are already multiplying into the hundreds. In the age of deepfakes, fraudulent credentials, data breaches, and digital deception, it’s not just our networks under attack – it’s our ability to verify what’s real and who’s behind the screen. Cloned voices and synthetic faces continue blurring the line between the physical and digital, equipping attackers with increasingly sophisticated tools to swipe our identities and weaponize them against us and our most sensitive systems. These are threats we can no longer afford to ignore.

The need to strengthen security amid more sophisticated attacks

As a chief security officer with decades of cyber security experience in both the government and private sector — from NSA to Fortune 500 companies — I’ve seen identity-based threats surge across the board. Today, the need to verify that the person on the other side has never been more urgent. Passwords and security questions no longer guarantee identity. Biometric verification is now a must-have to achieve the highest level of authentication and guard against evolving threats.

Attackers are exploiting identity gaps at every stage of the threat chain. In 2024, the FBI’s Cybercrime Complaint Center reported a 9 percent rise in ransomware complaints – on top of an 87 percent spike the year before – with financial services among the top five most-targeted critical infrastructure sectors.

So-called infostealer malware infections, which secretly collect sensitive data from victims’ devices and send it off to attackers, have more than doubled. Ransomware-as-a-Service has commoditized extortion campaigns, and AI-powered deception is scaling faster than most organizations can detect. Fraud costs U.S. businesses more than $500 billion a year, by some estimates, and identity-based attacks sit at the center of that crisis.

Many of the attackers are organized and alarmingly sophisticated. Nation-state actors such as Volt Typhoon, a Chinese state sponsored group recently confirmed by U.S. agencies to have compromised energy, water, transportation, and communications networks, are gaining access to cameras and sensors tied to critical infrastructure. Ransomware groups are operating like startups, offering affiliate onboarding, customer support, and profit-sharing models to scale their operations. Deepfake technology is now advanced enough to bypass weak identity checks.

Yet across critical sectors like healthcare, finance, and retail, the identification verification systems we use remain fundamentally insecure. This is no longer just a question of modernization – it’s a question of national security.

Rebuilding trust through modern identity

The encouraging news is that the infrastructure to strengthen digital identity already exists, and companies are working to ensure more of our economy adopts it. While CLEAR is known for airport security, we’ve built a secure identity platform that goes far beyond travel — drawing on 15+ years of experience setting the standard for trusted verification in the most highly-regulated environments.  Drawing on hundreds of signals from biometrics, documents, devices, and trusted third-party databases, identity platforms are transforming the way our identities are used and secured across countless industries – from verifying remote workers to giving patients seamless access to their healthcare records. Leading digital platforms are designed to ensure data privacy and protect users’ identity, because across every breach, scam, and system failure, one thing becomes clear: identity is the thread that connects it all.

What’s needed now is a shared sense of urgency and a bold commitment to move into the future. We need public-private partnerships built on trust and interoperability, policies that encourage adoption of high-assurance solutions, and a decisive break from outdated verification methods. By solving for identity, we can disrupt attackers at the front door before the damage is done.

About the author

Jon Schlegel is the Chief Security Officer of CLEAR, a secure identity company.

Article Topics

biometrics  |  CLEAR  |  digital identity  |  digital trust  |  identity proofing  |  identity verification