- Security TWENTY
- Women in Security Awards
Effective AI can save you money and reduce risk of breaches, says Peter Barker, Chief Product Officer, at the digital identity product firm ForgeRock.
As organisations struggle to build robust defences and balance data security with digital transformation, hackers bide their time, waiting for the perfect moment to attack.
Additionally, the rise of remote working and increase in network-connected devices has resulted in more frequent cybersecurity attacks with two-plus billion usernames and passwords breached in 2021 alone according to ForgeRock’s just-released 2022 Consumer Identity Breach Report. Digital-first businesses and solutions mean employees and customers are utilising more online services, and the large amount of customer identity data leaves institutions with an ever expanding number of potential weak points where they’re vulnerable to attack. The vast number of remote and ‘unusual’ login attempts, coupled with a chronic shortage of cybersecurity analysts able to authenticate these attempts, means distinguishing friend from foe is getting more difficult. What’s more, a single vulnerability can be catastrophic as data breaches cost companies millions while shattering customer trust in the process. New solutions like artificial intelligence (AI) can be a very powerful tool to repel persistent, sophisticated threat actors, and avoid the reputational and financial damages of a data breach.
AI has huge potential to help prevent cyberattacks. Modern AI-driven solutions can protect organisations, their customers, and employees by stopping threats at a massive scale and reducing the risk of account takeovers. Many organisations are overwhelmed by data and information – and AI-driven applications can help them organise and identify key learnings that are used to make smarter business decisions with more accuracy and speed. Coupled with the increased threat of unauthorised access and attacks during authentication, organisations need a better way to protect themselves so they can focus on their business. AI-driven solutions can do just that.
Benefits of AI
The integration of AI in cybersecurity continues to grow as more organisations and CISOs better understand its value and how it works. AI-based solutions analyse large amounts of data to evaluate access behaviour to prevent known attacks and detect new threats or unusual behaviour. By learning ‘normal’ user patterns, AI-driven solutions can detect abnormal and malicious login attempts from bots and suspicious IPs. When deployed alongside existing security teams, AI acts as a force multiplier, empowering IT admins to make intelligent decisions more quickly, and with a higher degree of confidence, leading to lower deployment costs and easier integration.
AI solutions can help prevent fraud and emerging threats, leading to higher prediction success rates for identifying and eliminating threats.
Ultimately, AI can help manage a rising number of increasingly complex security threats, at scale, and in a more proactive way. It’s no surprise that the global market for AI cybersecurity is already expected to triple by 2028 to $35 billion.
Meeting the challenges
Over the last decade, we have seen a rise in “AI-washing” – where AI is used as a label for anything with some form of algorithmic capability (e.g. like an AI toothbrush). More recently, we have seen this trend emerge in cybersecurity, which means it’s important to understand the criticality of deploying AI correctly.
Some have also raised concerns about data poisoning, whereby attackers manipulate data used for machine learning (ML) to turn AI to their own advantage. The good news is that there are two easy steps enterprises can take to protect against this. Firstly, companies should ensure their external training data is clean by using verifiable data sources and open source data with extreme caution. Secondly, organisations should establish an end-to-end ModelOps process to monitor the internal processes of AI modelling, as well as hiring experienced data scientists to implement and oversee all AI-based systems. With this in mind, the benefits of AI-powered cybersecurity undoubtedly outweigh the risks.
Amid a rising tide of malicious actors, AI is a powerful force multiplier that can help organisations combat ever more sophisticated cybersecurity threats quickly and effectively even against a backdrop of sharply rising cost pressures. It’s a 12th player on the pitch who frees up cybersecurity team bandwidth to focus on the bigger picture while empowering them to make better decisions. Organisations that embrace AI successfully will therefore enjoy a competitive edge with fewer breaches and a higher ceiling in their cybersecurity team’s capacity. If organisations implement the standard checks and balances to guard against AI poisoning, AI powered cybersecurity defences can be one of the strongest tools organisations have in their arsenal against cybercrime.