Automating the fight against large-scale cyberthreats during and post-pandemic

Automating the fight against large-scale cyberthreats during and post-pandemic

Artificial Intelligence and Machine Learning are important components in helping enterprises maintain organisational resilience and detect cyberthreats. Asher De Metz, Lead Senior Consultant at Sungard AS, discusses the benefits of using this technology to become more cyber-aware.

The COVID-19 pandemic continues to be an immense humanitarian crisis that is severely impacting the global economy. As organisations have shifted to remote working to protect employees while continuing to serve customers, they have moved the majority of activities to the digital world – increasing the risk of cyberattacks and threatening Business Continuity.

According to the World Economic Forum’s COVID-19 risks outlook, employers are most worried about COVID-19 provoking a prolonged recession, followed by a surge in bankruptcies. But in third place is the sudden surge in remote working leading to increased cyberattacks and data fraud, as the number of attacks against organisations grew exponentially to reach a four-month high at the end of April.

Naturally, business leaders are looking for solutions, and the adoption of Artificial Intelligence (AI) and Machine Learning (ML) is a growing trend. AI and ML can help organisations automate the fight against large-scale cybersecurity threats, by tracking, uncovering and acting on attacks. Unfortunately, they also make it easier for bad actors to break into those networks and steal data.

There are four key considerations for organisations that are thinking about using AI/ML to fight cyberattacks.

The more digital, the more vulnerable

The speed of organisational change has been intensifying in recent years as enterprises undertake Digital Transformation projects. At the same time, cybersecurity threats continue to become more widespread and potentially damaging, especially those from some nation-states with seemingly endless resources. For example, the World Health Organisation (WHO) is one of a number of organisations to have reported a dramatic increase in the number of cyberattacks directed at its staff, and email scams targeting the public at large since the pandemic began.

AI/ML are also enabling hyper automation and the ability to generate quality insights from huge amounts of data. IoT sensors, along with the growing use of cloud computing, microservices and highly connected systems, give black-hat hackers even more attack points. And criminals using AI/ML themselves can more efficiently target and exploit these.

Such technologies can also assist cybercriminals with precisely targeting victims with authentic-looking social engineering attacks. By comparison, phishing emails of the past were often riddled with tell-tale grammatical errors, making them far easier to spot.

To make matters worse, there remains a lack of skilled cybersecurity professionals available to help enterprises protect themselves. It’s estimated that an additional 4.07 million are needed, with 65% of organisations reporting a shortage in such talent.

Most IT professionals want AI/ML to bolster defences

According to the Capgemini Research Institute, nearly two-thirds of senior IT executives don’t believe they can identify the evolving threat landscape without the help of AI/ML. IT executives at three out of five firms state that AI/ML improves the accuracy and efficiency of their cybersecurity analysis.

Many enterprises hope to fill the cybersecurity skills gap with AI/ML. Even the smartest hacker in the universe couldn’t achieve visibility of all new threats because so many new ones emerge so frequently. Hence AI/ML have become so important in helping enterprises maintain organisational resilience.

As an example, some Software-as-a-Service (SaaS) backup solutions for enterprises can apply ML algorithms to analyse backup patterns and metrics, which in turn can help those backup solutions automatically identify a ransomware or other malware attack before it’s too late. Backup and recovery execution can become more intelligent and automated with AI/ML to better accommodate unique considerations for each enterprise’s recovery process.

Organisations still need the human touch

One way AI/ML can help is by analysing vast amounts of cybersecurity-related data to identify patterns and spot irregularities.

Large amounts of threat data can be collated and parse through it on a constant basis to see the changing nature of the threat landscape. For example, an organisation might routinely transmit data between China and Romania between certain hours, but if data is transmitted beyond those hours and/or a different type of data is suddenly being transmitted, AI/ML would spot the irregularity in real-time.

In a situation like this, human decision-making may still be needed. The obvious decision may be to shut down an unusual data flow right away and potentially thwart bad actors before they can do any damage. However, doing so may drastically disrupt important operations. While AI/ML alerts a cybersecurity team to the irregularity, one or more team members may still need to make a judgement call based on their knowledge of the enterprise’s priorities, the operations potentially impacted and the resilience risks.

To be resilient, organisations need a data-oriented culture

To fully extract the resilience benefits of AI/ML, organisations must develop a culture oriented towards business analytics.

As Big Data continues to grow, resilience threats escalate and AI/ML is increasingly deployed, it is imperative for teams to remain on the same page. Having a brilliant cybersecurity team that can analyse all the threat data and develop the ideal solutions for resilience is not enough alone. They still need to really understand the organisation’s business imperatives. And other teams need to understand where the organisation’s vulnerabilities are. If all teams have a data analytics mindset, together they can proactively determine what needs to be improved in the organisation’s resilience risks and to prioritise those improvements.

Above all, don’t forget the basics

COVID-19 is not going away anytime soon. Even as lockdown measures are beginning to lift, many businesses will continue to operate remotely until it is deemed safe for their workforces to travel. As companies continue to search for solutions to combat increased cyberthreats, business leaders must ensure they are fully informed on the solutions they choose.

AI and ML can help automate the fight against large-scale cybersecurity threats by tracking, uncovering and acting on attacks. However, this often comes at the price of making it easier for bad actors to break into those networks and get that data.

AI/ML can be highly appealing for organisations looking to avoid resilience risks. But enterprises must understand that even the most sophisticated AI solutions and ML algorithms will not help strengthen resilience if the basics are neglected.

Browse our latest issue

Intelligent CIO North America

View Magazine Archive