How AI, automation protect enterprises against data breaches: IBM study reveals

Integrating AI, automation, and threat intelligence across tech stacks and SecOps teams is a game-changer for organizations, reinforcing them against breaches. The advantages don’t end there: compared with businesses that lack automation or AI security, it results in increased cyber-resilience and lower spending on data breaches.

The 2023 Cost of a Data Breach Report from IBM Security offers convincing proof of the benefits of investing in automation, AI, and threat intelligence. The research, which evaluated 553 actual breaches from March 2022 to March 2023, demonstrates that these solutions lead to shorter breach lifecycles, reduced breach costs, and a more resilient security posture throughout the entire firm.

The results provide a sigh of relief for CISOs and their teams, especially given the difficulties of understaffing and handling several goals, such as protecting virtual workforces while assisting new business initiatives. According to the report, the average global cost of a data breach has increased by 15% over the last three years, reaching a record high of $4.45 million. More than ever, there is an urgent need to identify and stop breaches as soon as possible.

IBM’s Institute for Business Value research, which provides a thorough overview of the digital landscape, also emphasizes the importance of AI in cybersecurity efforts. Currently, 35% of businesses are using automation and AI to find endpoints and improve asset management. In three years, this use case is expected to increase by 50%. The rising number of new identities on each endpoint makes this an ideal application of AI for preventing breaches.

Why AI needs to be cybersecurity’s new DNA

Attackers use a variety of strategies to stay undetected in the constantly evolving world of cyber threats. They are continuously changing their methods, doing everything from checking public cloud instances for security flaws and improper configurations to developing new malware and ransomware strains. ChatGPT and generative AI are increasing the sophistication of social engineering and pretexting attacks.

Cybercrime gangs and advanced persistent threat (APT) organizations actively look for AI and machine learning experts to create their own large language models (LLMs). They want to create malware that can trick the existing crop of threat detection and response systems, starting with endpoints.

Leveling the playing field against attackers is a challenge for Chief Information Security Officers (CISOs). To stay ahead, they must employ threat intelligence, automation, AI, and machine learning techniques. The IBM analysis offers convincing proof that AI is producing noticeable effects, positioning it as the foundation for cybersecurity in the future. Organizations can strengthen their security mechanisms and protect their priceless assets from persistent cyber threats by adopting these technologies.

Integrating AI and automation reduced the breach lifecycle by 33% or 108 days:

According to IBM, businesses that integrate automation and AI into SecOps teams at the platform level reduce breach lifecycles by one-third, or 108 days, on average. This represents a huge improvement over the typical 214 days. On the other hand, breaches at enterprises without AI or automation last 322 days on average. By embracing these technologies, organizations can greatly improve detection and response capabilities, minimizing the effects of breaches and enhancing cybersecurity.

Extensive use of AI and automation resulted in 33.6% cost savings for the average data breach:

Improved visibility, detection, and real-time response to suspected incursions and breaches are all advantages of integrating AI and automation across a tech stack. The average cost of a breach for firms without such solutions was a startling $5.36 million.

However, businesses that heavily incorporated AI and automation to support their SecOps teams, technology stack, and cyber-resilience strategies reported much lower costs associated with data breaches. Breaches at organizations that used extensive AI and automation cost just $3.6 million on average. These significant cost savings make it much easier to build a solid business case for investing in AI and automation for improved cybersecurity and risk mitigation.

Despite the advantages, just 28% of enterprises are extensively integrating AI and automation:

The fact that just about one-third of surveyed businesses have used AI and automation despite the huge advantages these technologies offer is astounding. According to IBM’s analysis, 33% of businesses had limited adoption and relied on outdated or legacy systems that hackers have developed ways to circumvent.

Furthermore, according to a CrowdStrike analysis, 71% of intrusions listed in their Threat Graph were malware-free. Attackers take advantage of any weakness they can, focusing mostly on identities and credentials with privileged access. Attackers’ use of AI to evade detection and steal cloud identities and data emphasizes the significance of intelligent, AI-driven cybersecurity technologies.

Only 1% of firms had a high level of visibility over their assets in 2022, according to Gartner’s Innovation Insight for Attack Surface Management research, but that percentage is anticipated to climb to 20% by 2026. Gartner highlights the importance of integration at scale with secured APIs and the necessity of Cyber Asset Attack Surface Management (CAASM) to give SecOps and IT teams an integrated picture of cyber assets. To protect enterprises from possible hazards as cyber threats become more sophisticated, proactive use of AI and cutting-edge cybersecurity measures is vital.

IBM’s study shows that SecOps teams are still losing the AI war:

The majority of SecOps teams, according to the survey, still rely significantly on manual procedures and have not fully adopted automation or AI, showing a huge discrepancy with CEOs’ goals to increase cybersecurity through AI adoption.

It’s interesting to note that while 93% of IT leaders claim to be using or considering implementing AI and ML to improve their cybersecurity tech stacks, just 28% have actually done so. Meanwhile, attackers are using the knowledge of AI, ML, and generative AI experts to launch persistent attacks at machine speed and scale. To escape detection, they use a variety of strategies, such as DDoS attacks and living-off-the-land (LOTL) approaches, and tools like PowerShell, PsExec, and Windows Management Instrumentation (WMI).

IBM Security Threat Intelligence’s Chris Caridi, a cybersecurity analyst, notes that extortion campaigns have moved beyond ransomware and now employ a variety of tactics, including DDoS attacks, data encryption, and the new double- and triple-extortion threats, which combine multiple elements for increased impact.

Another serious issue is the increasing prominence of deepfakes. In one deepfake attack, assailants used a fake version of Zscaler CEO Jay Chaudhry’s voice to demand money from the company’s operations in India. Chaudhry issued a warning that deepfakes that imitate appearances are on the rise alongside voice impersonation. The Department of Homeland Security has published guidance on the Growing Threats of Deepfake Identities in response to this growing concern.

Organizations must employ AI-driven cybersecurity solutions to remain ahead of attackers as the cyber threat landscape changes, and they must vigilantly guard against deepfake attacks and other sophisticated techniques. Strategic defensive tactics and the proactive use of cutting-edge technologies can protect companies and their assets against ever-evolving dangers.

AI discovers anomalies at scale and machine-level speeds:

Using AI and automation to personalize security and enforce least-privilege access has real advantages. SecOps teams that have AI and automation built into their tech stack are exceptional at seeing and responding to anomalies that could indicate an intrusion or breach.

In-depth analyses of user and system activity data using AI and ML are very helpful in enhancing threat intelligence systems. According to IBM’s research, a threat intelligence system’s ability to analyze real-time data using AI and ML algorithms can cut the time it takes to identify breaches by an average of 28 days.

Organizations may improve their cybersecurity skills, spot breaches more quickly, and proactively address possible risks by utilizing AI and automation, which will strengthen their overall security posture.

Breaches cost less if SecOps teams find them first:

Rather than depending on announcements from attackers or alerts from law enforcement, AI helps SecOps teams find breaches on their own. They save nearly $1 million thanks to this proactive approach. The study also examined the mean-time-to-identify (MTTI) and mean-time-to-contain (MTTC), both of which were markedly shortened by thorough integration of AI and automation. Organizations that adopt AI can reduce expenses while also responding quickly to breaches, reducing their impact and improving overall cybersecurity.

Keep AI, automation, and threat intelligence in the context of zero trust:

With zero trust, all threat surfaces must be constantly monitored and secured because it is assumed that a breach may have already happened. The IBM study attests to the effectiveness of automation, machine learning, and AI in delivering real-time threat intelligence.

John Kindervag, the man behind zero trust, underlined the value of starting with a protect surface rather than depending entirely on technology during a recent interview with VentureBeat. His suggestions are in line with the extensive use of AI, ML, automation, and threat intelligence, producing significant effects. These technologies can significantly improve cybersecurity defenses by adhering to the Kindervag-proposed zero trust principle of protecting one attack surface at a time.
