By Wee Tee Lim
There has been a significant increase in data breaches and cyber threats in recent years. According to the World Economic Forum, damages incurred by all forms of cybercrime, including the cost of recovery and remediation, could total US$10.5 trillion by 2025. This includes the impact of threats targeting the commercial sector and coordinated attacks on critical public sector infrastructure.
IBM’s Threat Intelligence describes phishing (39 per cent), exploiting public-facing applications (26 per cent), and exploiting remote services (12 per cent) as the three most common attacks. Once a threat actor has exploited a vulnerability, the top five impacts are extortion (21 per cent), data theft (19 per cent), credential harvesting (11 per cent), data leaks (11 per cent), and damage to brand reputation (9 per cent). That means that over 40 per cent of the resulting impact directly relates to data. This is why cybersecurity and the protection of data are today a rapidly growing priority for senior executives and government leaders.
The case for AI
AI technologies, such as machine learning (ML) and deep learning, demonstrate promise towards automating malware disposition functions and enabling humans to perform higher level functions — such as moving past signature tracking as the only way to begin to get ahead of malicious threats on data.
Autonomous systems today are already capable of analysing massive quantities of data from multiple sources at speed and at scale. However, they are ill-equipped to deal with the rising complexities and number of access vectors in today’s digital economy.
As organisations become more distributed and complex, behavioural models will need to depend on ML and deep learning models that can detect complex patterns within these large datasets. These incredibly powerful tools can quickly analyse vast amounts of data to easily recognise patterns, forecast future trends, automate repetitive tasks, and even identify optimal solutions to complex problems.
Paired with techniques such as natural language understanding and sentiment analysis, AI’s ability to analyse both structured and unstructured data sources to gather relevant threat intelligence will enable AI systems to continuously adapt and ‘self-learn’ from new data for improved accuracy of threat detection.
For example, security information event management (SIEM) systems are increasingly using real-time data and engineered features collected from across a complex network of interconnected systems and devices. This requires real-time data to be collected, filtered, and routed for anomaly detection, which often includes engineering temporal features, normalising data, enriching data with network or geolocation data, and identifying and tracking events of interest from the point of first occurrence.
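As an added illustration, not code from the article or from any SIEM product, the following Python example runs the steps just described over a few constructed login events: filtering, normalising, enriching with geolocation, engineering temporal features, and tracking each user and country pair from its first occurrence. The event fields, the IP-prefix lookup table and the one-hour threshold are assumptions made for the example.

```python
from datetime import datetime, timezone

# Constructed lookup and events for illustration only (documentation IP ranges).
GEO = {"192.0.2.": "SG", "198.51.100.": "SG", "203.0.113.": "BR"}
EVENTS = [
    {"ts": "2024-05-01T01:02:00+00:00", "type": "login", "user": "Alice", "ip": "192.0.2.10"},
    {"ts": "2024-05-01T01:05:00+00:00", "type": "heartbeat", "user": "", "ip": "192.0.2.10"},
    {"ts": "2024-05-02T01:10:00+00:00", "type": "login", "user": "alice", "ip": "198.51.100.7"},
    {"ts": "2024-05-02T01:25:00+00:00", "type": "login", "user": "ALICE", "ip": "203.0.113.5"},
    {"ts": "2024-05-02T09:00:00+08:00", "type": "login", "user": "bob", "ip": "192.0.2.44"},
]

def normalise(ev):
    """Canonical user name and a timezone-aware UTC timestamp."""
    ts = datetime.fromisoformat(ev["ts"]).astimezone(timezone.utc)
    return {"ts": ts, "user": ev["user"].strip().lower(), "ip": ev["ip"]}

def enrich(ev):
    """Attach a country from the constructed prefix table ('??' if unknown)."""
    ev["country"] = next((c for p, c in GEO.items() if ev["ip"].startswith(p)), "??")
    return ev

def run_pipeline(events, travel_window_s=3600):
    first_seen = {}   # (user, country) -> timestamp of first occurrence
    last = {}         # user -> (timestamp, country) of the previous login
    out = []
    for raw in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        if raw["type"] != "login":            # filter: keep only events of interest
            continue
        ev = enrich(normalise(raw))
        key = (ev["user"], ev["country"])
        known_user = ev["user"] in last
        new_country = known_user and key not in first_seen
        first_seen.setdefault(key, ev["ts"])
        prev_ts, prev_country = last.get(ev["user"], (None, None))
        gap = (ev["ts"] - prev_ts).total_seconds() if prev_ts else None
        fast_hop = gap is not None and prev_country != ev["country"] and gap < travel_window_s
        ev.update(hour_utc=ev["ts"].hour, gap_s=gap, first_seen=first_seen[key],
                  flags=[n for n, hit in (("new_country", new_country),
                                          ("fast_country_change", fast_hop)) if hit])
        last[ev["user"]] = (ev["ts"], ev["country"])
        out.append(ev)
    return out

if __name__ == "__main__":
    for e in run_pipeline(EVENTS):
        print(e["ts"].isoformat(), e["user"], e["country"], e["gap_s"], e["flags"])
```

Only the last login for "alice" is flagged: the same normalised account appears from a country not seen before, 15 minutes after a login from elsewhere.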
Integrating AI into data governance
As the number of access vectors and the value of data and data-related services increase, so will the number of data threats. Failure to defend against these may result in costly remediation work, disruption to critical processes, irrevocable damage to brands, and fines from industry regulators.
Integrating AI into threat intelligence will enable organisations to shift from reactive to proactive security practices to stay ahead of rapidly evolving cyber threats. As AI-powered threat intelligence looks to redefine the roles and responsibilities of cybersecurity personnel in the coming years, organisations can look forward to pivoting freed-up resources to focus on strategic planning, proactive threat hunting, and developing targeted mitigation strategies.
Overwhelmingly, the most common information stolen during a breach is personally identifiable information (PII) data, which includes names, addresses, social security numbers, driver’s licences, passports, medical data, credit cards, and passwords. Sensitive PII data within the consumer sector is a significant target as the disruption of processes and supply chains within manufacturing can result in significant financial losses and make extortion a serious threat.
Our analysis of recent data breaches in Asia reveals a concerning trend across industries. This includes the theft of an alleged 2.2GB data trove from AirAsia, potentially compromising sensitive customer information. Similarly, a decade-long data leak at Toyota that exposed approximately 2 million customer records raised questions about the cloud security practices of the world’s largest motor vehicle manufacturer.
By integrating AI into security and governance practices, organisations can quickly detect unusual behaviour by legitimate users that may indicate a compromised account, and restrict that account’s access to sensitive data and systems. Organisations will have to balance the need to provide timely access to data services while defending against the potential for breaches. Being able to do so in near-real time with constantly evolving AI/ML models will be a foundational capability to protect organisations.
Beyond adhering to industry regulations on the storage and handling of PII, and policies such as the Personal Data Protection Act in Singapore, Digital Personal Data Protection Bill in India, and the Privacy Act in Australia, organisations must also relook at their data management and governance practices.
AI’s reliance on vast amounts of trusted and secure training data will necessitate a robust data governance strategy aligned to the organisation’s data, cloud and security strategies; addressing these factors is crucial for ensuring the effectiveness of AI systems.
Wee Tee Lim is regional vice president for ASEAN and Taiwan at Cloudera