Since the advent of “Big Data,” consumer information has become equal parts valuable and difficult to contain. While having a vast catalog of information can be extremely advantageous to businesses of any size, the ability to protect it is paramount.
Not only do data breaches risk valuable information that has the potential to negatively impact people’s lives, but it also erodes consumer confidence and can even result in costly lawsuits.
No one wants that. Fortunately, there are answers. Artificial intelligence (AI) and other technologies can come together to identify potential information breaches and help businesses fight back against them.
If there’s one thing the long history of recent data breaches has taught us, it’s that they can happen to anyone. In 2014, the major hotel chain Marriott learned this the hard way. While the exact specifics of what happened get a little complicated, the essence of the problem stemmed from an email phishing scam, quite similar to the emails that get filed in people’s spam folders every day.
Perhaps even worse than how easily the hackers got in is how long they were able to remain undetected. While the attack itself occurred in 2014, it wasn’t discovered until 2018 – after significant sums of data had already been compromised.
Not only was this a problem for the company itself, but it was also a stressful situation for the millions of people who use the chain every year. However unfortunate the situation was though, it was far from unique.
Facebook, Yahoo, LinkedIn and so many other Fortune 500 businesses have found themselves in the exact same position. The result? One of the most obvious consequences of data breaches are financial. Not only do companies have to invest significantly in resetting their cyber security—an arduous process that can take months, or longer—but they also have the added expenses of lawsuits and diminished consumer confidence. Though difficult to calculate, the latter risk may ultimately prove the most financially draining.
Equally at risk, of course, are smaller businesses that have data to protect and fewer resources available to protect it.
Threats Like Never Before
Unfortunately, threats to data are an inevitability in our intensely interconnected world. Information is vast, networks are complicated, and new points of vulnerability are constantly emerging. For example, the proliferation of the Internet of Things has led to very easy access points for hackers.
IoT devices, technologies that grow by the billions each year, presently lack sophisticated safeguards, and has been known to produce points of vulnerability that spawn not just loss of information, but also rolling blackouts, and other undesirable outcomes.
Human error is also a common culprit. Even good employees rarely have the bandwidth to be as vigilant with their information as circumstance requires. A recent study demonstrated that just 30% of people change their passwords when they have been alerted of a security compromise. Even this is not done instantaneously, but often weeks, or even months after the fact.
Add to this that many breaches go undetected and we begin to see the scope of the problem. Using a practice known as “credential stuffing,” hackers are often able to take one person’s information and use it to infiltrate an entire system. Small mistakes are as easy as they are punishing.
Poorly trained employees, dicey links, inadequate system maintenance, lax password protection procedures, and the persistence of hackers are all-pervasive threats to data.
In a world of unabating hazards, something inevitably will go wrong. Fortunately, the right technologies, coupled with best practices can help businesses keep themselves, and their customers protected.
How AI Plays its Part
Data vigilance is an all-encompassing and often quite tedious task. AI can bear the brunt of that burden by “reading” user logs and analyzing information for anomalies. On a strictly operational level, this can free up significant amounts of time for staff members who would have otherwise been left monitoring the situation manually.
AI also significantly improves accuracy. While manual data monitoring is infamous for its tedious “false positives” AI is typically equipped to avoid these mistakes, saving time.
Though certainly not a cure-all, selecting the right AI solution can have an enormous impact on your business’s ability to keep itself safe.
AI in all its forms is very good at recognizing patterns. Using algorithms, it can establish behavior profiles that paint a picture of how employees behave. For example, an algorithm might “know,” that Joann signs into her system account at 8AM, Monday-Friday at her office in Boston.
If the system detects that a sign-in attempt has occurred in Singapore, from a cell phone at noon on a Saturday, it might identify this as malicious behavior, and implement adaptive sign-in procedures to protect against a potential breach.
If Joann has, in fact, found herself trying to get a little bit of weekend work done in Singapore, she will be allowed to access the system through some additional verification methods (a security code, question, email verification, etc.). If, however, the person on the other end of the computer is a hacker, the breach might be prevented.
When data breaches and other cyber threats do emerge, AI is uniquely well-positioned to detect them quickly. While your IT department is hindered both by the scope and subtlety of potential threats, AI is not burdened in the same way.
Studies have shown that midsized businesses can be hit with hundreds of thousands of “incidents” that register as a potential threat each day. Needless to say, even a very large well-trained team couldn’t possibly hope to find out which of those threats were real and which were not.
AI cuts through the deluge by recognizing patterns within your network, and only earmarking aberrations. This means that instead of being flooded with many thousands of threats, your business is presented with a much more manageable number of items to consider.
Data security of the past has been primarily of a prescriptive variety. The world over found itself on equal footing in terms of what steps were generally recommended for protecting vital information. It’s much the same way that people are advised to eat vegetables and exercise for the sake of their health.
However, AI can develop an intimate understanding of your system, allowing for directive—that’s to say, specific, recommendations for how you can better improve your protective procedures. It’s the difference between being told you should eat vegetables, and being told you should eat carrots.
There is no permanent or foolproof solution to the problem of data breaches that will be readily available in the near future. When one hole is plugged, another inevitably emerges. Investing in the right technological solutions is a dependable way to both prevent data breaches and, catch them early when they happen.
However, technology is no substitution for attentiveness. Human error is the constant thread that connects most major data breaches. Innocent mistakes with big consequences can be reduced with attentiveness.
As AI does its good work, businesses can provide themselves further protection by practicing good password hygiene, and by educating employees on the steps they need to take to keep their information safe.
Abby Thompson, Digital Strategist at Campus Explorer, has spent thousands of hours researching and developing theories on big data analytics and the Internet of Things. Currently, she is focused on technological advancements within the future of education technology.