Sharing insights across an industry can dramatically improve security measure. Source: Shutterstock

Sharing insights across an industry can dramatically improve security measure. Source: Shutterstock

Expert: To ensure security, companies must rely on insights and trust AI

Cybersecurity remains a great concern for enterprises and organizations across industries due to the constantly evolving nature of threats. Despite the abundance of security products, cybercriminals remain consistent in finding new loopholes and flaws in the system to steal data, hijack payment systems or paralyze operating systems.

While leveraging cybersecurity software can be deemed effective, but MIT professor Daniel Weitzner believes that pooling insights on cybersecurity cases will profoundly impact the way companies choose to protect themselves. The way in which CISOs treat threats and strategize protective measures need to change for the better – this means their attitude and mindset as well.

According to the expert, there are several prominent issues that are straining companies from effectively tackling cyber threats and securing their data. However, a viable solution is within reach if companies start working with each other within similar industries by sharing intelligence, insights, and experience dealing with risks or attacks.

To begin with, companies do not have a holistic understanding of the different threats that exist and the risks that are present within the proximities of their existing systems. This will then cause most companies to invest unstrategically in security products or innovative solutions – and the results may not always be as impressive, too.

Weitzner commented, “When you have an honest talk with CISOs and ask them much they spend on security and if it’s enough, they tend to make comparisons to their peers (rather than assess the effectiveness of the spend). No one is able to measure the ROI on different cybersecurity defensive approaches.”

For this reason, the expert has lobbied for companies to pool information on cybersecurity strategies and measures – which he is actively doing through a cyber-intelligence project with 10 large enterprises. Among intelligence and insights that are being gathered include records of attacks and threats, ineffective or failed defense strategies as well as the cost of the failures.

While it is understandable that companies resort to pursuing the latest solutions marketed because providers make great promises, it is more effective to compile data from peers to drive better defense decisions. He added, “We are gradually moving to a point where we will be able to make concrete formal claims about what kinds of defenses are effective and which ones are not.”

Although this method is noticeably rare, the expert believes once insight pooling is practiced, companies can steadily structure a sound defense system. The pooled insights and experiences can then, be streamlined into data that can be integrated into artificial intelligence (AI) capabilities.

This is why the expert also draws attention towards companies developing greater trust in AI because the solution will be a fundamental proponent in combatting cybercrimes as we move forward. AI is gradually becoming a reliable tool in mitigating cyber risks and countering attacks as it is faster, smarter, and drives better decisions – especially when it is fed with a rich amount of insightful data.

While companies do not generally have high trust in AI because they do not understand how the tool comes up with a decision or solution to a problem.

One way to resolve this is to develop a thorough understanding of the operational mechanism of AI and particularly, how it would work within the context of cybersecurity. With a more defined understanding of threats, availability of insights and higher trust in AI, companies can ultimately devise an effective defense mechanism to protect their data and digital platforms.