The Covid-19 pandemic continues to be an immense humanitarian crisis that is severely impacting the global economy. As organisations have shifted to remote working to protect employees whilst continuing to serve customers, they have moved the majority of activities to the digital world – increasing the risk of cyber attacks and threatening business continuity.
According to the World Economic Forum’s Covid-19 risks outlook, employers are most worried about Covid-19 provoking a prolonged recession, followed by a surge in bankruptcies. But in third place is the sudden surge in remote working leading to increased cyber attacks and data fraud, as the number of attacks against organisations grew exponentially to reach a four-month high at the end April.
Naturally, business leaders are looking for solutions, and the adoption of Artificial Intelligence (AI) and Machine Learning (ML) is a growing trend. AI and ML can help organisations automate the fight against large scale cyber security threats, by tracking, uncovering and acting on attacks. Unfortunately, they also make it easier for bad actors to break into those networks and get data.
There are four key considerations for organisations that are thinking about using AI/ML to fight cyber-attacks.
The more digital, the more vulnerable
The speed of organisational change has been intensifying in recent years as enterprises undertake digital transformation projects. At the same time, cyber security threats continue to become more widespread and potentially damaging, especially those from some nation-states with seemingly endless resources. For example, the World Health Organisation (WHO) is one of a number of organisations to have reported a dramatic increase in the number of cyber-attacks directed at its staff, and email scams targeting the public at large since the pandemic began.
AI/ML are also enabling hyper automation and the ability to generate quality insights from huge amounts of data. IoT sensors, along with the growing use of cloud computing, micro-services and highly connected systems, give black-hat hackers even more attack points. And criminals using AI/ML themselves can more efficiently target and exploit these.
Such technologies can also assist cyber criminals with precisely targeting victims with authentic-looking social engineering attacks. By comparison, phishing emails of the past were often riddled with tell-tale grammatical errors making them far easier to spot.
To make matters worse, there remains a lack of skilled cyber security professionals available to help enterprises protect themselves. It’s estimated that an additional 4.07 million are needed, with 65 percent of organisations reporting a shortage in such talent.
Most IT professionals want AI/ML to bolster defences
According to the Capgemini Research Institute, nearly two-thirds of senior IT executives don’t believe they can identify the evolving threat landscape without the help of AI/ML. IT executives at three out of five firms state that AI/ML improves the accuracy and efficiency of their cyber security analysis.
Many enterprises hope to fill the cyber security skills gap with AI/ML. Even the smartest hacker in the universe couldn’t achieve visibility of all new threats because so many new ones emerge so frequently. Hence AI/ML have become so important in helping enterprises maintain organisational resilience.
As an example, some Software as a Service (SaaS) backup solutions for enterprises can apply ML algorithms to analyse backup patterns and metrics, which in turn can help those backup solutions automatically identify a ransomware or other malware attack before it’s too late. Backup and recovery execution can become more intelligent and automated with AI/ML to better accommodate unique considerations for each enterprise’s recovery process.
Organisations still need the human touch
One way AI/ML can help is by analysing vast amounts of cyber security-related data to identify patterns and spot irregularities.
Large amounts of threat data can be collated and parse through it on a constant basis to see the changing nature of the threat landscape. For example, an organisation might routinely transmit data between China and Romania between certain hours, but if data is transmitted beyond those hours, and/or a different type of data is suddenly being transmitted, AI/ML would spot the irregularity in real-time.
In a situation like this, human decision-making may still be needed. The obvious decision may be to shut down an unusual data flow right away and potentially thwart bad actors before they can do any damage. However, doing so may drastically disrupt important operations. While AI/ML alerts a cyber security team to the irregularity, one or more team members may still need to make a judgement call based on their knowledge of the enterprise’s priorities, the operations potentially impacted and the resilience risks.
To be resilient, organisations need a data-oriented culture
To fully extract the resilience benefits of AI/ML, organisations must develop a culture oriented toward business analytics.
As big data continues to grow, resilience threats escalate, and AI/ML is increasingly deployed, it is imperative for teams to remain on the same page. Having a brilliant cybersecurity team that can analyse all the threat data and develop the ideal solutions for resilience is not enough alone. They still need to really understand the organisation’s business imperatives. And other teams need to understand where the organisation’s vulnerabilities are. If all teams have a data analytics mindset, together they can proactively determine what needs to be improved in the organisation’s resilience risks and to prioritise those improvements.
Above all, don’t forget the basics
Covid-19 is not going away anytime soon. Even as strict lockdown measures are starting to lift, many businesses will continue to operate remotely until it is deemed safe for their workforces to travel. As companies continue to search for solutions to combat increased cyber-threats, business leaders must ensure they are fully informed on they solutions they choose.
AI and ML can help automate the fight against large scale cyber security threats, by tracking, uncovering and acting on attacks. However, this often comes at the price of making it easier for bad actors to break into those networks and get that data.
AI/ML can be highly appealing for organisations looking to avoid resilience risks. But enterprises must understand that even the most sophisticated AI solutions and ML algorithms will not help strengthen resilience if the basics are neglected.
Author: Asher De Metz, Lead Senior Consultant at Sungard AS