Cyber risk management in the age of intelligence

We all know that AI (Artificial Intelligence) plays a mean game of Go and can be an invaluable tool for making recommendations and closing deals. Amazon, for example, uses AI to predict people’s purchase interests based on their online behaviour and hopes to eventually “ship products to us before we even know we need them”. Meanwhile, a bank in Singapore has developed an AI-powered chat bot that is credited with securing about $70 million worth of home loans and counting.

But, what is making the security world sit up and take notice of AI (and its comrade-in-arms ML or machine learning) is its potential in the area of cyber risk management.

Techopedia defines AI as an area of computer science that is focused on “the creation of intelligent machines that work and react like humans”.¹ One of the ways that this is being achieved is through ML, where algorithms are fed with huge amounts of data so that they can learn, adapt and improve.

So what applications do AI and ML have in the area of cyber risk management?

Cyber risk refers to the risk of financial loss, reputational damage, operational disruption or any other negative impact arising from the failure of IT systems.  And in today’s cyber-insecure world, cyberattacks loom large as a major cause of such system failures.

An important aspect of cyber risk management is to be able to proactively identify anomalies and to predict attacks and breaches even as threats become more sophisticated, well-funded and targeted.

According to an Enterprise Strategy Group (ESG) study ‘Artificial Intelligence and Cybersecurity: The Real Deal’, 29% of enterprises said they are looking to AI to accelerate the detection of security incidents.² “In many cases, this means doing a better job of curating, correlating, and enriching high-volume security alerts to piece together a cohesive incident detection story across disparate tools,” said ESG. 

New generations of malware and cyberattacks are constantly evolving and can be difficult to identify and detect using traditional signature-based approaches to cybersecurity.

Intelligence systems can help address this by using algorithms to detect patterns and identify threats as they emerge and evolve. These can be applied to look for hidden patterns or groupings in uncategorised datasets. This makes it a particularly effective tool for identifying anomalies or ambiguous events that could be a threat to the organisation.

By studying usage patterns and conducting behaviour analysis, a ML system provides enterprises visibility on anomalies: detecting fraud, discovering strange activity and connecting the dots.

In effect, doing the ML system does the work of a detective, complementing existing security controls to reduce false positives and improve detection accuracy. These ML algorithms can monitor huge volumes of data (IDS alerts, Network Traffic, Proxy and Authentication Logs) and find patterns in data that do not conform to expected behaviour.

AI, when applied in cyber risk management, means using the technology to prioritise incidents and automate response and remediation where feasible. For example, when a new threat is uncovered, the AI system is able to apply its newly-found knowledge to all other systems in its network, launching investigations to find out if other machines exhibit evidence of the threat or threat type, and in the process, greatly improve detection accuracy. If it is suspicious, the AI system can then detonate the entity in a sandbox to examine behaviour based on characteristics observed.

According to the ESG study, 27% of enterprises want to use intelligence-based cybersecurity technology to accelerate incident response.2 Today, there is growing interest in intelligence systems that are able to handle this automatically according to a standardised playbook. In other words, the intelligence system learns to identify and detect the threat, and to remediate the situation on its own.

From the perspective of day-to-day cybersecurity operations, it is easy to appreciate the benefits of intelligence systems in cyber risk management. It allows for more accurate threat detection and more efficient incident response whilst reducing the manpower effort that is required to carry out these tasks.

From a higher level perspective, some 34% of respondents in a Forrester Report³ study used AI-based cybersecurity technology to improve data, analytics, or insights platforms to enhance their organisation’s cybersecurity situational awareness, and provide them with a unified view of their security status across the enterprise network. 

These insights can help to facilitate conversations between chief information security officers (CISOs) and their C-suite counterparts by giving them empirical data on the potential risks confronting the organisation, its current defences and cybersecurity budget. And this, in turn, will help to ensure that organisation’s cyber risk management strategy is closely aligned with its larger business goals.

Let’s have a chat about current cyber risk management strategy.

¹ Techopedia, 2018, https://www.techopedia.com/definition/190/artificial-intelligence-ai

² Enterprise Strategy Group, Artificial Intelligence and Cybersecurity: The Real Deal, Jan 25, 2018

³ Forrester Data Global Business Technographics® Data And Analytics Survey, 2017