AI and Automation are now essential in reducing cyber risk

New figures from IBM quantify the impact of automation on security, but they also raise a warning for companies using generative AI.

Anthony Woodward

Founder/CEO

August 13, 2024

Hi there,  

Welcome to FILED Newsletter, your round-up of the latest news and views at the intersection of data privacy, data security, and governance.  

This month:

  • Elon Musk’s X stops the collection and processing of personal data for the development of its AI tool, Grok.
  • A small majority of phishing attacks bypass security protection.
  • Most SaaS cyberattacks are over and done with in 30 minutes to an hour.

But first:  

IBM’s annual Cost of a Data Breach Report has a lesson for security leaders: you need to use AI and automation. But to properly leverage these tools, you need to understand your data.

If you only read one thing:  

When it comes to lowering the cost of a data breach, AI is a no-brainer

IBM’s annual Cost of a Data Breach report was released last month, signaling increased challenges for organizations when it comes to securing customer and company data. The headline finding is a 10% jump in the cost of a data breach, up to US $4.88 million, the biggest jump since the pandemic. Unsurprisingly, organizations that lacked visibility over their data saw increased data breach costs. A third of data breaches involved shadow data, or data held in unmanaged data sources, and these breaches cost an average of US $5.27 million.

Meanwhile, breaches of data under centralized control—which in the context of the report meant data stored solely on premises—took 23.3% less time to identify and contain than breaches involving data distributed across environments. These results make it plain: a data-centric approach to security, such as data security posture management (DSPM), is now essential.

But regular readers of this newsletter won’t be surprised to hear that the section on AI caught my eye, as it presented some concrete figures to demonstrate the value of the technology. Organizations that made extensive use of AI and automation across prevention workflows—attack surface management (ASM), red-teaming and posture management—saw US $2.2 million lower breach costs compared to those that did not use AI in prevention workflows. This finding was the largest cost savings in the report. Automation in any security function reduced the average Mean Time to Identify (MTTI) and Mean Time to Contain (MTTC) for data breaches by 33% for response and 43% for prevention.

For cybersecurity teams, the threat landscape has evolved, and AI and automation are vital to reducing cyber risk. This is, ahem, a no-brainer.

AI the problem, AI the solution

But elsewhere in the report came a warning: AI (in this case generative AI) also offers attackers more opportunities, and a wider attack surface — and most organizations are unprepared.

Per the report, only 24% of GenAI initiatives are being secured, which threatens to expose the data and models to breaches. As well as securing the deployment of the models themselves, and governing their usage, successful adoption of AI depends on securing the training data. Organizations deploying AI tools like Microsoft Copilot must ensure the model only has access to high-quality data (no ROT: redundant, obsolete or trivial data) that has been classified, so that sensitive customer data can be masked or removed. Before you deploy AI, ensure you have a data inventory that covers your entire data estate—you do not want shadow data entering the model, and you need to remove any data you are not entitled to hold. Again, an approach like data security posture management should be a prerequisite of any AI initiative.
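As an added illustration of the gate described above (example code, not the newsletter's or IBM's), a pre-ingestion check that keeps shadow data, ROT and unclassified records out of an assistant's corpus and masks sensitive fields in confidential ones. The source inventory, retention rule, sensitive-field patterns and sample documents are all constructed for the example; a real deployment would take its inventory and classification labels from DSPM tooling.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed inventory of catalogued sources; anything not listed is shadow data and never reaches the model.
MANAGED_SOURCES = {"sharepoint://finance", "sharepoint://hr"}
ROT_MAX_AGE_DAYS = 730  # constructed ROT rule: records untouched for longer than this are not ingested
SENSITIVE_PATTERNS = {  # constructed stand-ins for fields a DSPM tool would label sensitive
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "CARD": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}
AS_OF = date(2024, 8, 13)  # constructed "today" for the sample run


@dataclass
class Doc:
    source: str
    text: str
    last_modified: date
    classification: str  # "public", "internal", "confidential"; "" if never classified


def mask_sensitive(text: str) -> str:
    # Replace every sensitive match with a labelled placeholder before the text is indexed.
    for label, pattern in SENSITIVE_PATTERNS.items():
        text = pattern.sub(f"[{label} REDACTED]", text)
    return text


def gate(docs: list, today: date) -> tuple:
    # Returns (admitted documents, [(rejected document, reason), ...]).
    admitted, rejected = [], []
    for d in docs:
        if d.source not in MANAGED_SOURCES:
            rejected.append((d, "shadow data: source not in inventory"))
        elif (today - d.last_modified).days > ROT_MAX_AGE_DAYS:
            rejected.append((d, "ROT: stale record"))
        elif not d.classification:
            rejected.append((d, "unclassified: cannot decide what to mask"))
        elif d.classification == "confidential":
            admitted.append(Doc(d.source, mask_sensitive(d.text), d.last_modified, d.classification))
        else:
            admitted.append(d)
    return admitted, rejected


# Constructed sample documents, one per branch of the gate.
SAMPLE_DOCS = [
    Doc("sharepoint://finance", "Refund to jane@example.com, card 4111 1111 1111 1111", date(2024, 6, 1), "confidential"),
    Doc("sharepoint://hr", "Onboarding checklist", date(2024, 7, 1), "internal"),
    Doc("sharepoint://hr", "2019 parking policy", date(2019, 1, 1), "internal"),
    Doc("file:///C:/Users/alice/Desktop/export.csv", "Customer list", date(2024, 8, 1), "confidential"),
    Doc("sharepoint://finance", "Draft budget", date(2024, 8, 1), ""),
]
```

Running `gate(SAMPLE_DOCS, AS_OF)` admits the two catalogued, classified, current records (with the confidential one masked) and rejects the stale, shadow and unclassified ones with a reason each.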

In the case of Copilot, where the model inherits the access permissions of the user, ensure access management has been audited to reduce the risks associated with over-permissioned users. You should be doing this anyway; phishing was the second-most prevalent attack vector last year, per the IBM report. And track data provenance: the origins, ownership, and lineage of data throughout its lifecycle. We go into a little more depth on this on our site.

Establishing data provenance will help you in other ways, too, like ensuring regulatory compliance. When we speak to organizations, they say compliance with these laws is challenging, as data discovery and understanding are often limited to a point-in-time analysis. As we approach the potential introduction of amendments to the Australian Privacy Act this month, for example, Australian organizations need to prepare for enhanced requirements, such as minimum and maximum retention periods in line with data minimization as a protection mechanism. They will also have to adapt to General Data Protection Regulation (GDPR)-inspired rights for data subjects, who may be empowered to request access to, object to the collection of, and erase data held by organizations.

When you have reliable data provenance, you can leverage AI to help you fulfil some of these obligations. You can more easily enable traceability in AI models and their data sources, making it easier to enable clear explanations of AI decisions to stakeholders and regulatory bodies, leading to explainable AI (XAI) outcomes.

It all comes back to AI, and smart, safe usage of AI comes back to understanding your data.

🕵️ Privacy & governance

A manager who thought they were doing the right thing by updating staff on an employee’s welfare following a medical episode breached the employee’s privacy, according to Australian Privacy Commissioner Carly Kind, who fined the firm AU $3000.  

Elon Musk’s X agreed to temporarily halt the collection and processing of personal data from European Union (EU) users for the development of its AI tool, Grok. The halt followed a legal challenge initiated by Ireland’s Data Protection Commission (DPC) over concerns about the platform’s data practices.

Illinois Governor J.B. Pritzker has signed a bill into law to curb the penalties companies could face for improperly collecting and using fingerprints and other biometric data from workers and consumers. Under the bill, companies would only be liable for one violation per person, rather than for each time biometric data is misused.

🔐 Security

The majority of phishing emails bypass security protection, according to researchers.

An analysis of 230 billion SaaS audit log events shows the majority of SaaS cyberattacks are “smash and grabs”, where attackers log in, download information, and leave, all within 30 minutes to an hour.

Former US President Trump’s campaign said its internal communications were hacked, blaming a hostile foreign actor.

A profile of "ransomware negotiator" Nick Shah.

And then a profile of the FBI's 65-person "Cyber Action Team".

The latest from RecordPoint  

📖 Read:

More on the IBM’s Cost of a Data Breach Report: a data-centric approach to cybersecurity is now table stakes for organizations who wish to do right by their customers. A look at the numbers and how organizations should respond.

Mailbox compliance presents many challenges for any organization, from high volumes of data to vastly varying types of content. Learn how to overcome them with our new Microsoft Exchange connector, designed to make mailbox compliance a breeze.

Microsoft Copilot comes up a lot lately, as organizations see the model as a streamlined way of harnessing generative AI. And Copilot offers many benefits, but it also brings risk. Learn how to harness the power of Copilot while keeping your data secure and ensuring your customers' privacy.  

Register for our upcoming webinar with Microsoft, focused on the power and potential of Copilot, as well as the risk implications that come with it.

When managing large volumes of data, data minimization is crucial. But what about the data that needs to be retained? This article explores why data might need to be kept, the risks of over-retention, and steps for ensuring the data you do keep is secure.  

Learn how the City of Nedlands used RecordPoint to manage records classification and disposal, remove the ROT, and reduce the risk of data hoarding.

🎧 Listen:  

DataCo co-founder Danny Tyrell joins the podcast to discuss how his company helps companies learn more about their customers in a privacy-preserving way, by connecting them with trusted data sources.
