AI/ML seen as important as staff as businesses evaluate their still-lagging security response

Still unprepared for GDPR’s visibility and control requirements, Australian businesses blame AI/ML underinvestment for their shortcomings

Australian businesses recognise that they are under fire as rising attack rates strain their inadequate incident response plans – but 62 percent believe the main reason is a lack of investment in artificial intelligence (AI) and machine learning (ML).

That finding – contained within the recent Ponemon Institute-IBM Third Annual Study on the Cyber Resilient Organisation – highlights the growing recognition that existing cyber resilience plans are simply inadequate to keep up with the growing and expanding cybersecurity threat.

Businesses reported a surge in awareness of the value and level of the cybersecurity response. Even though 48 percent said their cyber resilience had improved over the previous 12 months – up from just 27 percent a year earlier – far more know they should be better at resilience. Indeed, 73 percent of respondents said that cyber resilience was of high value to the business – up more than half again compared with the 48 percent figure from a year earlier.

Numerous reasons were cited for inadequate resilience, with 76 percent of respondents admitting they don’t have a formal cybersecurity incident response plan that is applied consistently across the organisation. This, despite 62 percent and 65 percent reporting that the volume and severity of cybersecurity incidents, respectively, have increased.

While companies were more confident in 2017 that they could prevent a cyber attack (47 percent, compared with 37 percent in 2016) or quickly detect a cyber attack (54 percent vs 50 percent), they admitted they were less likely to be able to contain a cyber attack (50 percent, down from 55 percent in 2016).

“Today’s local insights in this research back the OAIC revealing that in the six weeks following changes to the Privacy Act there were 63 breaches reported,” IBM Security CTO and Master Inventor Chris Hockings said in a statement. “Australian organisations need to understand that with security threats on the rise they need to accept that breaches are unavoidable and it is how you respond that counts.”

Practices such as hiring skilled personnel (named by 68 percent of respondents) were flagged as offering the most improvement – but this figure was only marginally ahead of the percentage that said more AI/ML investment would have improved their cybersecurity response.

Security consultants have long recognised the greater role of AI and ML in helping extract insight from ever-larger volumes of threat information. “Prevention is the only true way of minimising the potential for harm,” Malcolm Harkins, CTO of AI-security pioneer Cylance, recently told CSO Australia, “but we are mostly anchored in detection and response – which is the highest cost, highest risk, and most liable spot for an organisation.”

“We’ve got to have a different control philosophy to recognise that bad things will happen; why accept the status quo rather than accepting responsibility to change things, and ideate, and reinvent how to approach the controls for the business outcomes that we really need to deliver?”

As the security community gathered at this month’s RSA security conference, more-intelligent solutions were hitting the market. New additions to cybersecurity toolkits have applied the technology to infrastructure monitoring, automated troubleshooting, and better analytics.

Startup MinerEye, for one, this month launched an AI-based tool for tracking, evaluating and prioritising corporate data for protection as per GDPR requirements. Trend Micro, meanwhile, debuted a beta-stage Writing Style DNA tool that uses AI to recognise a person’s writing style, then to compare it to suspected forgeries.

Analytics giant Splunk this week announced new open-source software and cloud-native data integration initiatives – including a Machine Learning Toolkit to support AI/ML-driven experiments and greater use of detection-and-response focused security tools, such as the new Splunk User Behavior Analytics (UBA) security tool.

Payments firm Stripe this month tweaked its AI/ML models to reduce fraud by a claimed 25 percent or more compared to previous models. Microsoft incorporated machine-learning techniques to help administrators score security risk within their Azure Sphere environment.

These and other AI/ML-powered tools reflect the growing recognition that automation has fast become an essential component of any cybersecurity response – spawning a toolset that Gartner has labelled Security Orchestration, Automation and Response (SOAR).

Strikingly, the lack of cyber resilience was likely to translate into significant new exposure for Australian businesses once the European Union General Data Protection Regulation (GDPR) comes into effect in late May: only 19 percent of Australian businesses rated their compliance ability as ‘high’, compared with the global average of 56 percent.