The massive surge in cybercrime, the ever-increasing number of threat vectors, and a critical skills shortage has left organisations feeling more vulnerable to cyberattacks than ever before. With exponentially more ransomware incidents being reported than there are skilled cybersecurity professionals available, progressive businesses are looking to Artificial Intelligence (AI) and Machine Learning (ML) to close the gap.
Every day more and more people and businesses are held to ransom as exposed vulnerabilities are exploited by criminals. Even those with robust cybersecurity strategies in place are concerned by the sheer number of business attacks, which increase in number every year. The cost of attacks was estimated to rise to USD$10 trillion annually by 2025 according to a 2020 report, and may yet exceed that amount. Given the stark reality of everyone connected to the internet potentially becoming a victim of a cyberattack, managing cyber threats manually and still having time to actually do business is no longer possible.
Protecting all end-points, integrations, APIs and every other threat vector is, quite literally, an insurmountable task. A staggering 93% of companies can be penetrated by cybercriminals; the consequences of which to the unprepared are dire indeed. Consequences that span from service disruptions, the holding of information and systems to ransom, through to destruction of physical infrastructure which, beyond the inconvenience, the financial and reputational implications, and potential threat to life, can easily result in the total loss of an organisations ability to remain in business.
This is where artificial intelligence (AI) and machine learning (ML), both of which are being used with great success in reliable and resource saving robotic process automation, become so interesting for the management of our overloaded and under-resourced cyber threat environments. Machines have always processed data faster than humans can, but not always any better. Which is why ML that can use the most proficient and effective techniques to analyse massive amounts of data is becoming mainstream and widely used today.
More importantly, as the latest developments in AI now start to reliably deploy systems that can start up and fully learn its environment in the way a skilled and experienced human does, AI can now deliver reliable and repeatable analytics with immediate accurate and automated responses for those the high volume repetitive security event monitoring tasks that cannot retain or even attract, the level of human skills required for reliable results.
It goes further. AI/ML can operate at scale which was not possible before. What this means is that for the first time, one can continually ingest and analyse data from all relevant cyber security and IT tools to present a unified and cohesive view of an organisation’s investments in real time. Now enterprises can report cyber risk in business terms and in rand terms, which is traceable to underlying operational reality, which delivers multiple benefits to any organisation.
This use of AI has long helped alleviate the skills gap throughout the global ICT market by automating highly manual processes, aggregating feedback, and taking over massive and mundane tasks to free up humans to focus on implementation and further research. This IT and cyber skills shortage is even more stark in South Africa where local demand far surpasses even international supply. AI tools however do not just provide a replacement for missing skills, they have also become critical teaching components in growing new cybersecurity and risk skills.
Emigration and remote work arrangements now mean local employers compete for local talent against international corporates with deeper pockets.
AI and ML build not only build up a database of vulnerable threat vectors and then based on discovery can continually test and learn new ways of attacking systems, they can also use their understanding of how to manage threats to teach the next generation of cyber risk managers. They do this 24/7/365, and as a result, are extremely effective.
Bespoke cybersecurity solutions that leverage AI and ML are easily the most effective testing and discovery engine for companies looking to defend their systems. Key insights provided by the ongoing threat detection systems allow highly skilled and scarce resources to prioritise their time in more meaningful ways.
With the average cost of a ransomware attack now standing at USD$1,85 million, every sector in every industry is at risk. While breaches at large firms make headlines, Evans cautions that small and medium-sized entities are often not aware of the extra risk they carry and are often an easier target for hackers because of SMEs’ lack of resources and security expertise. And it’s not just tech companies being attacked. Any business running a web application and those with operations in education, manufacturing, and finance are finding themselves to be frequent and popular targets for criminals.
It’s simply not feasible to address all your cybersecurity requirements with a single vendor let alone a single team or a single person. The landscape is far too vast and ever-expanding for that. Considering the current environment where skills are scarce, threats are multiplying, and businesses must contend with the very real possibility of complete closure because of cybercrime, the only answer is the adoption of smart ML and AI tools aligned to the threats specific to your business that will leverage on others understanding to manage the most aggressive threat environments you can expect.
Artificial intelligence and machine learning are not silver bullets that can just be used without thought, but in the hands of cybersecurity and IT professionals are tools that can be readily and reliably deployed to bolster existing cybersecurity solutions that allow any business to resiliently avoid damage from the all but inevitable cyber attacks that are today’s reality.