Whilst many are using innovative tech for identifying known threats, machine learning can go deeper and predict risk
AI and machine learning (ML) are industry buzzwords that have been used extensively over the past five years or so. Like so many examples of IT jargon they have tended to add more confusion than anything, particularly for the C-suite, as to how it is being applied effectively in the context of information security. However, over the past two years there appears to have been a growing appetite for companies in adopting these innovative tech.
A Capgemini report from 2019 threw some light on this emerging trend, including the fact that 61 percent of enterprises say that they cannot detect breach attempts today without the use of AI technologies, and that 48 percent of companies planned to increase their AI in cybersecurity by an average of 29 percent in 2020.
It is understandable that companies are looking for new innovative ways to combat the cyber threat. Cybercriminals are using increasingly sophisticated tools and methods to gain access to the valuable data that so many companies now hold. Those companies who are not proactive and sit behind legacy systems in the hope that they are protected, are increasingly finding that they are not.
The cost of data breaches are also increasing, with the global average cost according to IBM around $3.92million. Add to this cost of regulatory fines (or potential fines), reputational damage and more recently customers suing companies who have experienced data breaches (easyJet is facing a $22billion class action lawsuit over its 2020 data breach).
Therefore, the need to find ways to address the threat is crucial and companies are turning to AI. The Capgemini report also saw 69 per cent of enterprises believe that AI will be necessary to respond to cyberattacks.
One of the stats from the Capgemini saw that 51 percent of executives are making extensive AI provisions for cyber threat detection, outpacing prediction and response by a wide margin. So, whilst many firms see the potential in AI and machine learning in helping to detect threats, most are not using it to its full potential as Darren Craig, founder at RiskXchange explains:
“ML models if used to their full extent can determine if a company is at risk of a breach based on an analysis of the company’s external facing digital footprint. Companies can therefore, be proactive in their defence, rather than passively waiting for AI to identify a possible threat.
“With a sufficient amount of quality data available, ML techniques can easily outperform traditional, manual static based security controls based assessment. Adding risk scoring analytics to a prevention strategy built on AI/ML learning is a great way to raise the bar in securing today’s corporate networks.
“It is promising that companies seem to be starting to embrace AI/ML for cybersecurity, but in order to be more fully secure, companies need to take a proactive approach, using the technology’s full potential. In doing so companies are in a much stronger position to protect themselves from an increasingly sophisticated criminal, and the huge associated cost,” Craig concluded.