The role of AI in data protection

As the pace of digital transformation across organisations ramps up, the digital attack surface also rapidly expands, making businesses more vulnerable to cyber threats.

The Office of the Australian Information Commissioner (OAIC) revealed earlier this year that there were 40 large-scale data breaches¹ in the second half of 2022, including five massive data breaches which affected between one million and 10 million Australians. The total number of large-scale data breaches increased by 67% in comparison to the first half of 2022. More recently, news of a global breach involving giants such as PwC and EY demonstrates the rising sophistication of cybercriminal activity and the far-reaching implications of security gaps.

Afraid of becoming the next organisation to report a breach, companies are increasingly turning to the automation of processes, powered by technologies such as artificial intelligence, to strengthen their data-driven security approach and bolster data protection across any industry, while maintaining the privacy of user data.

Warehouses are a practical example of industry vertical that can adopt a data-driven security approach which respects the privacy of user data. AI can be set up to create a data-driven approach to worker safety, processing videos and sending alerts to employees to warn them when they’re in proximity to a potential health and safety hazard. Cameras can monitor for potentially dangerous scenarios within the warehouse without needing to track or store the employees’ faces, avoiding the risk of breaching their privacy.

Translating this example into cyber environments, businesses are deploying more IoT devices and AI to make better informed decisions more quickly, which is helping them build more efficient systems and drive the bottom line without exposing sensitive personal data.

Now, let’s explore some of the significant ways in which AI inherently contributes to the safeguarding of data.

Automating the entire security framework

With remote working enabling people to work on the go and across multiple devices, a security-first approach is a must if businesses (and their employees) wish to continue moving forward while protecting critical information.

The good news is that the right tools, such as machine learning and preset rules, can help companies with the heavy lifting part of the job. Considering the rising costs associated with data breaches, embracing artificial intelligence, analytics and automated orchestration to deploy systems for security automation is not only a smart move, it is a necessary one.

Following are some of the ways AI and automation can lend themselves to different steps of the security framework.

1. Evaluating threats

As an organisation’s attack surface expands, the volume of data that cybersecurity teams must analyse to identify suspicious activity also grows exponentially — that’s where AI comes into play. It can sift through high volumes of data quickly and identify anomalies in real time, allowing teams to take a proactive stance when it matters the most, and stop the attack before it escalates.

2. Flagging breaches

Continuing on the point above, automation can reduce the workload volume and its consequent strain on security staff by alerting the company about behavioural changes that might indicate a breach. It goes beyond simply flagging the breaches in data protection, as AI can also signal breaches related to the content within that data, so that companies know exactly what information has been exposed and how sensitive it might be.

3. Amending vulnerabilities

Additionally, AI can find potential data vulnerabilities and address them before they can be leveraged by an attacker. If more organisations start using AI to simulate an attack, they can correct or improve their defence system or new software and correct any flaws before it becomes public.

Another option is using generative neural networks (GNNs) to collect biometric information, which eliminates the need to gather other personal data, such as password, date of birth or email address.

A well-rounded security strategy

Despite mentioning hybrid work as a pivotal factor for adopting new security tools, it’s important that business leaders think of the entire business and its endpoints holistically, as they deploy new technologies to enhance security levels.

When businesses think of devices that require protection, they usually think of smartphones, laptops, tablets, PCs and IoT equipment. Devices such as thermal barcode printers and other warehousing hardware are often overlooked, even though they are connected to an IT network and are indispensable to the everyday operation of many industries, storing high volumes of both company and consumer data.

When it comes to adopting AI-powered software and building a well-rounded security strategy that includes data protection and data-driven security for the workplace, businesses should aim to apply it to all devices that can eventually be at risk. After all, the threat is only as large as the exposed surface.

_{1. Large-scale data breaches refer to any data breach that affects more than 5000 Australians.}

Image credit: iStock.com/maxkabakov