Today’s AI-powered data security solutions aren’t enough on their own

Published September 30, 2019   |   

Right now, the need for a wholesale upgrade of the way businesses handle data security has never been more obvious. With each passing day, the threats to that data will grow and become an even bigger source of risk. One need only look at the companies who’ve fallen victim to data breaches in recent months to understand the scope of the problem.

The thing that’s holding some businesses back, though, is that their data systems are so sprawling that it’s hard to protect everything in real-time. That’s causing many businesses to make large investments into AI-powered security products that they hope will keep their data safe. They’re not, however mature enough to provide the kind of protection that some businesses expect. To elaborate, here’s a look at the state of AI-powered data security, and why we may be at a dangerous point of the technology adoption cycle that could be a disaster in the making.

A useful tool, not a Panacea

Right now, there’s no doubt that AI will eventually become the backbone of next-generation data security. It has the ability to monitor much larger attack surfaces than any team of humans could hope to match. It should also be able to adapt to evolving threats faster than current-generation solutions and won’t rely on the individual expertise of operators. Today’s AI, however, isn’t at that point yet.

One of the problems that today’s AI-powered data security solutions face is the fact that they mostly use hand-picked data to train on. That kind of supervised learning carries some benefits but relies on the source data to be a near-perfect representation of what the AI will face in the real world. As any data scientist can tell you, that’s a difficult standard to reach. In addition, many rely on single-algorithm solutions that create an all-or-nothing approach to security. If such a system contains a flaw, nobody will spot it until it’s too late.

Where the weaknesses are

Much like existing data security solutions, current-generation AI data security products are still vulnerable to the unexpected. They still have a hard time in spotting zero-day attacks, which don’t always conform to known patterns. At a time when an estimated 37% of all cyber-attacks involve zero-day vulnerabilities, that’s a significant weakness that no business can afford to overlook. To minimize the threat, most AI solutions try to compensate by focusing on lightning-quick mitigation tactics when an attack is detected, even if the scope of the attack isn’t yet known.

That in and of itself isn’t the issue. The problem is that today’s AI security solutions are marketed as being far more effective than they really are. That’s causing companies to over-rely on AI technology and move away from traditional defensive measures. In a way, it’s akin to leaving your front door unlocked because you own a guard dog – while the dog may thwart an intruder, it won’t prevent the damage that results from the fight.

A machine-human collaboration

Right now, AI data security solutions should be looked upon as an aid to human security personnel. There’s still no substitute for the knowledge and experience of a cybersecurity expert. Those with the right skills possess the kind of intuition and instincts that can’t be quantified or replicated by today’s AI solutions. In almost every case, the best way to thwart a human attacker is still with a human security professional.

That doesn’t mean, however, that businesses are wrong to be making big investments into AI-powered data security. They already make for a vital force-multiplier, which in the right hands, does help keep data secure. They’re just not sufficient on their own. Going forward, such platforms are going to improve and become even more useful in the never-ending fight against cybercrime. Once more platforms adopt deep learning approaches to improve the ability of the underlying AI to learn on the job, the equation will almost certainly change.

Not a one-sided fight

It’s also important to recognize that those with data to protect aren’t the only ones enlisting the help of AI products. IBM’s research arm has already proven that AI-powered malware presents a threat that today’s defenses can’t defeat. That makes it even more vital that businesses do not fall into the trap of believing that AI data security alone is enough to keep them safe. For every bit of technology, they bring to bear on the problem, attackers respond in kind.

What we’re seeing now is like an arms race, with each side hoping to outmaneuver the other in a never-ending struggle for digital supremacy. With the continued adoption of big data and the rapid growth of IoT technology, it’s a fight that’s not going to end soon – if it ends at all. For that reason, the bottom line is that while AI is a boon to most businesses’ data security efforts, it’s no silver bullet. Staying safe requires organization-wide vigilance and a mix of human knowledge and the latest in digital defenses. Only with all three in place does a company stand a good chance. A good chance avoiding the kind of data breach that’s become all too common in the world today.