Cybersecurity and AI/ML, Before the New Age of AI: Insider Risk

Powered by

Derek E. Brink, VP and research fellow at Aberdeen Strategy & Research, brings to us Part IV of his six-part series on the expanding scope of cybersecurity in the new age of AI. This fourth chapter takes a closer look at insider risk – the need to understand how visibility and context matter in data breaches and how to protect your valuable data with the right AI/ML technology.

Since the introduction of ChatGPTOpens a new window on November 30, 2022, we can’t seem to consume enough about artificial intelligence (AI), as this chart from Google Trends helps to illustrate:

Over the past three weeks, I’ve been sharing a few projects from my work at Aberdeen Strategy & Research that illustrate how AI/ML technologies have already been leveraged for several years now by leading cybersecurity providers, with examples in endpoint detection and response, email security, and managed detection and response. 

Here’s another illustrative example that I hope you’ll find interesting, from a 2021 Aberdeen studyOpens a new window on how AI/ML is being applied to recognize patterns in user behaviors and data movements to predict and prevent insider risk. Some highlights and key takeaways include:

• Understanding your organization’s insider risk requires two things: Visibility and context into how many of your valuable files are being exposed through day-to-day activities, and quantification of the business impact if this data is compromised.
• Aberdeen’s analysis of 3,255 confirmed data breach disclosures over a two-year period found that about 1 in 3 data breaches involve insiders, and about 80% of those are unintentional.
• The ideal approach to safeguarding enterprise data is first ready (visibility and context), then aim (risk), then fire (controls). But Aberdeen’s benchmark research in this area has shown that most organizations are strongly oriented towards implementing technical controls for data protection without really having the visibility, context, and risk — i.e., heavy on the “fire,” and light on the “ready” and “aim.”
• Without visibility and context into enterprise file movements, the process of making business decisions (i.e., data governance) with respect to your insider risk is based on mere intuition and gut feeling. We humans simply can’t do this at the speed, scope, and scale required for the modern enterprise — hence the need for AI/ML.
• Empirical data from a leading solution provider — reflecting more than 110 billion enterprise file movements and 2.2 billion data exposure events over a 5-quarter period — showed that most enterprise file movements are benign, but a material percentage of them put your valuable data at risk. For the private sector overall, file exposure events as a percentage of all file movements ranged from 1.7% to 2.4% (median: 2.0%) over the past five quarters — but with significant variation by industry, as shown in the following chart.

Understanding Your Insider Risk: A Material Percentage
Of All Enterprise File Movements Expose Your Valuable Data

Source: Empirical data adapted from Code42, 1Q2020-1Q2021; Aberdeen, May 2021

• Not surprisingly, the two greatest vulnerabilities for your valuable enterprise data, expressed in terms of data exposure events as a percentage of all file movements, were:

1. 1. Data synchronized to cloud-based storage services: 35.5% to 64.4% (median: 48.5%)
   2. Data written to or read from removable media: 23.5% to 45.3% (median: 35.7%). 

The key question is: Do you currently have this kind of visibility and context for the enterprise file movements and data exposure events throughout your own organization? 

The need for these capabilities has never been greater — and AI/ML-enabled cybersecurity solutions are specifically designed to make them available.

Aberdeen’s new research study on AI in the Enterprise: The State of AI in 2023 looks at AI use cases in several business areas, including cybersecurity, IT infrastructure, sales & marketing, financial management & ERP, manufacturing & engineering, and retail. The study will be closing soon. Watch this space as we will soon begin sharing our key findings and insights from this project.

MORE ON CYBERSECURITY AND AI/ML BEFORE THIS NEW AGE OF AI

• Cybersecurity and AI/ML, before this new Age of AI: Endpoint Security
• Cybersecurity and AI/ML, before the new Age of AI: Email Security
• Cybersecurity and AI/ML, before the new Age of AI: Managed Detection and Response