AI in data security land: a choose-your-own-adventure story

8:30 a.m.

You wake up, get out of bed, and start your morning routine: taking a quick shower, brushing your teeth, throwing on your work outfit.

Upon reaching the office, you mentally brace yourself. Starting today, the next few months are going to be extremely tiring and stressful, but for a good reason: The fintech startup you founded about a year ago is growing rapidly and onboarding tons of new users.

That said, becoming a bigger fish also means you’ve painted a larger target on your company’s back for hackers and malicious actors to try and steal your users’ data. It’s time to shore up your capabilities and build a much more robust infrastructure. Even though you’re not a developer or security expert, you’re looking to do the best job possible.

You step into your first meeting with upper management to discuss the issue.

Here comes the cavalry

Now you’ve got a clearer understanding of the twists and turns that could happen on your journey – ultimately, even if you think you’ve got the right answer to data security, it doesn’t mean all your problems are solved. However, there’s a simpler way to tackle many issues at once while solving for scale: artificial intelligence.

Additionally, classifying the risk level of data comes with lots of considerations. Even something as simple as an email can result in very different scenarios. If you’re letting your colleague know you’ll be out of town, that isn’t sensitive information. But if you’re sending a spreadsheet with customer information instead, then the situation changes entirely.

The content of the email is just one factor. Companies also need to account for other things like who the email is being sent to or what server it is being stored on, for instance.

Now take this scenario and apply it across all the different data points the company generates and stores.

“If you look at classifying risk based on all that and doing it manually, it can be extremely difficult to find the right risk pattern [and formulate appropriate security measures],” he points out.

“AI, on the other hand, excels at identifying and classifying complex patterns like these.”

Not only that, but something as subjective as categorising risk levels can be extremely prone to human error and biases. For example, one person might feel like a high level of security isn’t necessary for an email to the company’s CEO asking for a past report, but another colleague might feel that any correspondence with the head of the company warrants much heavier protocols.

Add on the fact that they’d have to do this across potentially millions of files and pieces of data, and it quickly becomes clear why having AI added to data security will become essential.

Making it fit like a glove

Just knowing how crucial AI is isn’t enough of course. Like any other tool, AI comes in varying forms and levels of effectiveness. To truly capitalise on its benefits, companies need to make sure that the solutions they want can help address their specific needs.

One of the most important aspects is ensuring that the AI can clearly explain to a person why it made certain decisions and classifications, says Brosnan.

“It can’t be a black box,” he adds. “Being able to query the AI and understand why it made that decision is very important in building up confidence in the technology.”

Additionally, the AI model needs to be closely aligned with the data of the company that wants to implement the tech.

Having AI that can highlight common risks and compliance considerations – such as regulations like the General Data Protection Regulation – is all well and good, but to boost its effectiveness, the AI model needs to be tailored to the specific needs and requirements of the company. That way, it can get as much relevant context as possible to learn and base its decisions around.

Up close and personal

Understanding the unique circumstances of a company and its business model was a crucial advantage in a partnership between Getvisibility and one of its client companies.

The firm in question designs and manufactures recipes for some of the largest food franchises in the world. Naturally, this company had to ensure that the intellectual property was fiercely guarded – according to Brosnan, each recipe was worth between US$20 million and US$30 million.

However, the initial security system that the company put in place had a critical error: When employees wanted to make a purchase order, an automated protocol would flag the email and stop it from going out, as it mistakenly recognized the ingredients listed for purchase as an unauthorised release of the recipe.

When Getvisibility stepped in, its AI solution was trained to understand the nuances and context in this situation, allowing it to tailor the security protocol accordingly. After that, this client smoothly resumed its operations while boasting a much higher level of data security.

“They went from not being able to give concrete assurances surrounding data protections to their partners, to being able to give robust guarantees,” says Brosnan.

Staying human

Even as AI capabilities grow and get even more advanced, Brosnan still believes that human oversight will still be the “most important aspect” of data security.

In that context, AI will serve not as an automated overlord of sorts, but rather an assistant to improve security awareness and training across an entire organisation.

“Ultimately, AI will help data security be far more robust and effective in day-to-day operations.”