In the past, a business’ security infrastructure was built around a single line of defence and once a hacker had broken that line, there was nothing else in place to slow down or prevent access.
In the modern, digital-first world, this problem is much more apparent.
Today, the huge number of mobile connected devices, applications and cloud-based services means cyber criminals have a variety of avenues through which they can target information and, as a result, businesses now need multiple layers of security across different devices to prevent threats.
Siloed security measures however – are not the solution. The manual maintenance of siloed security solutions across different entry points is not sustainable; especially as the volume, velocity and potency of cyber attacks continue to increase.
>See also: The data security landscape of 2027
The time it takes for a human operator to update each security solution is the time a system is exposed to external threats. A skilled hacker could navigate their way through these solutions to the business’ core network in no time at all.
Speaking recently, Paul Lipman, Chief Executive of BullGuard said: “We’re seeing billions of new devices entering businesses and homes, with little-to-no security built in, and which are challenging to update. This is a hacker’s dream and a recipe for a cyber-security disaster.”
And, with the General Data Protection Regulation (GDPR) set to arrive in May 2018, the need for a comprehensive security framework should undoubtedly be at the top of every business’ priorities.
Steve Inglessis, director at DataRaze, questions what the data security landscape will look like in this super connected world. What is different about data security in 2027 compared to that of 2017?
The future of cyber security will be built around holistic, firm-wide predictive analysis and threat recognition powered by AI and validated by human operators. AI is already being used in certain business environments to help support day-to-day activities, next is the application of AI to firm-wide security.
In an internal environment, AI could potentially run a business’ entire security network and provide IT infrastructure support. A good example of this is IPSoft’s Amelia – cited as the ‘most human AI’. Amelia is an AI solution that can manage everything from the front office to back office, connecting to the heart of your enterprise and optimising operations across the board.
Teaching AI to operate
Another asset to include in the development of the business’ security infrastructure is ethical hackers; skilled professionals who understand how to look for vulnerabilities in digital infrastructure and help businesses to rectify them.
Ethical hackers and IT experts can be used to ‘teach’ the AI security solution at scale, helping it to individually target specific types of malware. The future of data security is likely to be a mixture of AI-driven solutions supported by human operators.
With AI at the helm, supported by IT experts and ethical hackers, businesses could benefit from a proactive threat solution that offers a thorough and adaptive rapid response.
A problem with over-reliance on AI in isolation, is that AI-driven threat detection and automated protection could lead to a number of false positives, resulting in far too many alerts which people could slowly start to ignore.
>See also: What is the motivation behind data security?
When a real threat does arrive, employees are too slow to respond. This is why a combination of both AI and human operatives is key to creating a robust security framework.
AI can provide the business with sophisticated security, whilst ethical hackers can teach the AI and test the structural integrity of the security framework, resulting in a stronger defence strategy.
In the past, this level of threat analysis and detection wasn’t necessary. But today, there are more than 390,000 new malicious programs registered every day, according to the AV-TEST Institute – and last year alone, one in five UK businesses was hit by a cyber attack.
And, while cyber attacks on connected devices and business infrastructures will continue to increase, the emphasis on adding additional security that goes above and beyond regulatory compliance will continue to be renewed.
Over time however, security staffing and costs will gradually reduce as AI improves efficiency and automatic reactions to potential security threats.
Another key aspect that will become more prominent in the future is collaboration between security firms across countries, sharing threat analyses, vulnerabilities, security infrastructure and reports to help each other to build more resilient networks.
>See also: Where is the weak link in data security?
About 70% of attacks are known to exploit vulnerabilities with available patches, according to The Verizon Data Breach Report while hackers are able to take advantage of vulnerabilities within minutes of them becoming public knowledge.
This is why AI can play such a pivotal role in the fast assessment of security vulnerability as it is able to identify and rectify security issues in real-time, preventing hackers from exploiting vulnerabilities before they have been secured.
Making breaches known
In the event the business’ security is breached, the next step in the process needs to be communication and repair. This means communicating with employees, tech specialists, managers, PR and communication teams and external parties such as clients and the press – if necessary.
Hiding a data breach could result in severe consequences, especially considering GDPR. Under GDPR, businesses that handle the data of EU citizens and experience a data breach must inform the data subjects without delay – in addition, the data breach must be reported to the relevant supervisory authority as soon as possible.
Of course, as data and technology continues to evolve, so will the regulations and laws that govern them. While GDPR represents the biggest shift in data protection law for more than 20 years, it’s already playing catch up. In the years to come, there will undoubtedly be regular updates to the regulation to meet changes in the usage and application of data.
As mentioned previously, it’s no longer practical or feasible to manage your business’ security manually. Your IT experts and security specialists may have the expertise, but they cannot be everywhere at once.
The inclusion of multiple devices in the business’ hierarchy means there is more than one entrance to critical assets that are vulnerable to cyber attacks – and a data breach under GDPR must be avoided at all costs.
However, with AI supporting the security infrastructure and IT security specialists managing it, businesses can benefit from a powerful, firm-wide solution that can protect them from any attack.
Sourced from Steve Inglessis, Director at DataRaze