Data loss prevention: pairing artificial intelligence with human insight
- Published: Wednesday, 10 February 2021 09:07
AI use in cyber security is growing but over-reliance is a mistake says Oliver Paterson. In this article he explains where AI can play an effective part in a cyber protection strategy and where trained human insight is still required.
The cyber security landscape continues to evolve as cyber criminals become ever more sophisticated, and digital security tools accelerate to mitigate the risks as much as possible. Artificial intelligence (AI) and machine learning (ML) have been heralded as innovative technologies to help thwart evolving exploits and are a key part of any cyber security arsenal. But AI is not necessarily the right tool for every job. Humans are still able to perform intricate decision making far better than machines, especially when it comes to determining what data is safe to send outside of the organization. As such, relying on AI for this decision making can cause issues, or worse, lead to leaked data if the AI is not mature enough to fully grasp what is sensitive and what is not. So where can AI play an effective part in a cyber defence / / defense strategy and where can it present challenges to the user?
One of the primary challenges for AI to mitigate the risk from accidental insider breaches is being able to spot similarities between documents or knowing if it is OK to send a particular document to a specific person. Company templates such as invoices appear to be very similar each time they are sent, with minor differences that, typically, machine learning and AI fail to pick up. The technology will register the document as it usually would, despite there being very few differences in the numbers or words used, and would typically allow the user to send the attachment. Whereas in this example, a human would know which invoice or sales quote should be sent to which customer or prospect.
Deploying AI for this purpose in a large corporation would likely only stop a small proportion of emails from being sent. But even when the AI detects an issue to flag, it will alert the administration team rather than the user. This is because if the AI believes that the email shouldn’t be sent, it doesn’t want the user to override it and send the email anyway. This can therefore become an additional burden for the admin team and cause frustration for the user at the same time.
AI can also be very data-intensive when used for this type of defence strategy. This is due to the fact that in this setup, every email must be sent to an external system, off-site, to be analysed. Especially for industries that deal with highly sensitive information, the fact that their data is going somewhere else to be scanned is a concern. Moreover, with machine learning, the technology has to keep a part of this sensitive information in order to learn rules from it and use it again and again, to make an accurate decision the next time. Given the machine learning nature of these types of solutions, they cannot work straight off the shelf, but have a learning phase that lasts a few months, and therefore cannot provide instant security controls.
Understandably, a lot of companies, especially at enterprise-level, are not comfortable with their sensitive data being sent elsewhere. The last thing they want is it being stored off-site, even if it is just for analysis. AI, therefore, adds an unnecessary and unwanted element of risk to sensitive material.
The role of AI in cyber security
AI does have a critical role to play in many elements of a business’ cyber defence strategy. Antivirus technology, for example, operates a strict ‘yes or no’ policy as to whether a file is potentially malicious or not. It’s not subjective, through a strict level of parameters, something is either considered a threat, or not. The AI can quickly determine whether it’s going to crash the device, lock the machine, take down the network and as such, it is either removed or allowed. VIPRE uses AI and ML as key components in our email and endpoint security services: for example as part of the email security attachment sandboxing solution where an email attachment is opened and tested by AI in an isolated environment away from a customer’s network.
So, while AI might not be an ideal method for preventing accidental data leakage through email, it does have an important part to play in specific areas such as virus detection, sandboxing and threat analysis.
With so much reliance on email within business practices, accidental data leakage is an inevitable risk. The implications of reputational impact, compliance breach, and associated financial damage can be devastating. A cyber-aware culture with continuous training is essential, and so is the right technology.
Providing a technology that alerts users when they are potentially about to make a mistake – either by sending an email to the wrong person or sharing sensitive data about the company, its customers or staff – not only minimises errors, it helps to create a better email culture. Mistakes are easily made in a fast-paced, pressured working environment – especially with the increase in home working not providing the immediate peer review that many are used to. But rather than leaving this responsibility to artificial intelligence, this type of technology, combined with trained human insight, can enable users to make more informed decisions about the nature and legitimacy of their email before acting on it; ultimately, supporting organizations to mitigate against this high-risk element of business, and reinforcing compliance credentials through a cyber-aware culture.
Oliver Paterson is Product Expert, VIPRE Security Awareness Training and SafeSend.