In this age of continuously evolving technologies and increasing cyberthreats, it is important for organizations to critically analyze the effectiveness of those solutions that are designed to solve privacy and security issues. There are new threats and vulnerabilities that are discovered on almost a daily basis. When we combine these with the use of emerging technology, the cyberthreat exposure increases multifold.
The lens used to respond to the holes in security and privacy is sometimes based on data, but more often than not it is unfortunately based on subjective analysis, bias and limited data sets. It is not surprising that, as humans, we view solutions to problems based on experience. Instead of resting this experience on collected data sets, we tend to base it on judgement and a typical recency bias toward security or privacy incidents. The key here is that personal data are more exposed than ever as a result of new-age technology but are seldom protected from being stolen or corrupted.
The good news is that we have several current technologies, such as artificial intelligence (AI) and blockchain, that can help us understand the trends of security incidents, analyze cause and effect, and reveal which aspects of personal data are under threat. There are several smart security solutions that are preventative in nature and can be implemented to avoid security or privacy incidents; however, these solutions may not be sufficient to tackle unforeseen privacy breaches and effectively respond to them at the same time. Therefore, AI may play a vital role in developing cyberthreat models to predict security and privacy breaches and help security teams to develop proactive solutions.
The Verizon 2022 Data Breach Investigations Report highlights three key trends. The first is that stolen credentials contribute to nearly 63% of data breaches. The other two alarming trends point to insider threats and an overreliance on third-party vendor security controls. These trends indicate how prevalent privacy and security incidents are, especially because the leading causes of these attacks are stolen credentials, phishing, vulnerabilities and botnets. It is imperative to think about innovative approaches to solving these concerns rather than relying only on regulatory rules or the subjective biases of security teams responding to incidents. The report also indicates that emerging technology is more prone to attacks, at almost double the rate of the past five years.
One solution includes objective analysis of data sets that have been exposed to privacy and security incidents and baking in AI models that can predict the threats and the attack vectors as well as learn from the root causes of such incidents. This solution can be added to the existing security infrastructure of any organization, thereby providing alerts and threat intelligence on the go. Once these alerts are generated, smart solution options should be presented (based on historical data analysis). We are already seeing the emergence of several market players such as Cisco Umbrella and open-source threat intelligence tools such as Echo Sense. If any of these tools could build in predictive analysis and utilize machine learning to predict and stop cyberthreats, then we would have won half the battle against security and privacy concerns in the virtually connected world.
Editor’s note: For further insights on this topic, read Shini Menon’s recent Journal article, “Privacy, Security and Bias in Emerging Technologies,” ISACA Journal, volume 4, 2022.