Finding a needle in the cybersecurity haystack
THE DIGITAL lifestyle has pervaded every aspect of our lives – from banking and grocery shopping to even paying our taxes and brings us convenience.
Every business is leveraging technology to attract and retain customers.
Every online interaction – from our Facebook likes and connections on Instagram to our travel habits – contributes to an individual’s online presence and digital identity.
While companies can use this information customize their offerings to suit the consumer’s buying patterns, the trade-off is that the high value of personal information in these digital identities brings a whole set of cybersecurity risks for both consumers and businesses.
In an exclusive interview with Tech Wire Asia, Leonard Cheong, Managing Director of AdNovum Singapore discusses the challenges associated with data privacy and cybersecurity, and the role of machine learning (ML) in solving those problems.
With the explosion of connected devices and boom in Singapore’s e-commerce landscape, predicting and detecting cyberattacks from a massive volume of digital data is as difficult as finding a needle in a haystack.
“Cyberattacks contribute to the erosion of consumer trust and create a host of operational and reputational risks for businesses,” said Cheong.
Machine learning to the rescue
To stay ahead in the cybersecurity battlefield, companies should look to machine learning to improve threat prevention and response.
By contributing to the automation of more repetitive security tasks, machine learning allows cybersecurity teams to reassign resources to business-critical issues.
Unfortunately, according to a 2017 Survey by ServiceNow, only 32 percent of organizations in Singapore currently tap into machine learning, despite over 87 percent of IT decision makers believing that machine learning can speed up decision-making and improve security operations.
There is a huge opportunity to harness the power of machine learning to combat cyber threats. Implementing a strong customer identity and access management solution (CIAM) is no longer good enough.
It’s important for organizations to embed machine learning in their security operations to proactively detect and prevent unauthorized entry, fraudulent transactions, and loss or misuse of customer data.
In fact, machine learning is no longer a ‘nice-to-have’ but a ‘must-have’ feature that is here to stay as the cybersecurity battle continues.
Replace manual processes efficiently
Let’s look at fraudulent transactions in the banking world as a case in point.
For example, when a customer phones a bank to report a fraudulent transaction, cybersecurity professionals often resort to collecting vital information – such as date, time, geo-location and the type of device used – through a lengthy manual information gathering process.
This information is then matched against the customer’s established usage patterns to determine whether the transaction was indeed fraudulent.
This post-event reactive follow up is usually a painful process for both the customer and the business.
“Machine learning can help eliminate this pain by automating the data analytics process and may even potentially prevent fraudulent transactions from occurring through a risk detection system embedded with machine learning capabilities,” explained Cheong.
Risk detection systems that are designed with machine learning features can help identify in real time, whether the digital identity has been compromised or if a transaction is legitimate and trigger the appropriate action to prevent further damage by the perpetrator.
ML for better threat response
With risk detection systems powered by machine learning, CIAM systems can quickly learn, understand, and build upon user behavior patterns, to identify the threat and take appropriate action in real time.
If a suspicious transaction is detected, an immediate action such as terminating the session or requesting for further authentication will be initiated, without significantly hindering the customer’s online experience.
The systems can also be trained to analyze changing user behavior and be able to detect false alarms.
This reduces the chances of customers being alerted unnecessarily, improving customer experience in the long run.
Unlike human-powered traditional cybersecurity teams, such risk detection systems work round the clock, are able to detect any anomaly, and take appropriate action.
The future of cybersecurity lies in the strengths of machine learning and cybersecurity professionals.
While machine learning can optimize security and help make digital identities much more secure, it is not a panacea to all cybersecurity challenges – such as human error, poor judgment and ineffective technology.
Machine learning can perform the heavy lifting in onerous, repetitive tasks and provide actionable insights, security and risk professionals are still required to decide on follow up actions.
By balancing machine learning and human insights, finding that needle can become a much more achievable task.