For decades, employees have been inadvertently exposing enterprises to cyberattacks and the threat has remained constant even with the introduction of new security solutions. But what if AI could evolve to address this issue? In this article, Josh Horwitz, COO of Enzoic, examines various scenarios where AI can manage or, in some cases, eliminate human error to keep networks secure.
Every organization is grappling with a security vulnerability that even best-in-class technology can’t fix: namely, human error. Below are just a few statistics that illustrate the severity of the problem:
- Gartner estimatesOpens a new window that up to 95% of cloud breaches occur due to employee blunders such as configuration mistakes
- 43% of employeesOpens a new window have made mistakes resulting in cybersecurity repercussions for themselves and/or their companiesÂ
- 55% of CISOs/CSOsOpens a new window in a recent survey say human error and lack of cybersecurity awareness is the biggest risk for their business, regardless of what cybersecurity solutions are in placeÂ
The threat is real, and it’s not going away. But what if AI could evolve to mitigate or, in some cases, eliminate security’s human error problem?
Enterprise AI adoption has been steadily increasing. In 2019, Gartner foundOpens a new window that interest in AI technologies had grown 270% over the previous four years. The pandemic only served to accelerate adoption. According to recent KPMG researchOpens a new window , 80% of executives at large organizations and 88% of their colleagues at small companies said AI technology was an important part of their coronavirus response.
As mainstream adoption continues, let’s look at ways AI can address the perennial security threat posed by employees.Â
#1 Farewell to Phishing
Falling victim to phishing scams is one of the most common and frustrating human error problems. 79% of people in a 2019 studyOpens a new window could distinguish a phishing message from a genuine email. Yet nearly half of the same respondents admitted to clicking on a link from an unknown sender when at work, and 29% said they did it more than once.Â
Hackers are also growing increasingly sophisticated with their phishing schemes, crafting legitimate sounding messages that appear to come from senior executives or well-known brands. Yet, there are typically some red flags that signal nefarious activity — for example, unrecognized domain names in the URL, or extra dashes, characters, or letters that don’t appear to belong. A mature AI solution could spot these and other common phishing attack markers and alert the user to proceed with caution or flag the communication directly to IT to determine the next steps.Â
Learn More: Insider Threat: How to Address the ‘Human Dilemma’ in WFH Era
#2 Watching for Workarounds
Another common way in which users inadvertently compromise security is by seeking workarounds or skirting company policies. Typically, this is done out of a desire for productivity or convenience, as employees feel hampered by corporate guidelines or believe they need a specific product or solution not provisioned by IT to do their jobs effectively. Pure, though these motivations maybe, 35% of CISOs/CSOs believeOpens a new window this unauthorized use of devices and applications is likely to result in a cyberattack.
One can envision various ways in which AI might address this issue. For example, a bot that recognizes when an unauthorized application is introduced and reminds employees of the security concerns before recommending other company-sanctioned options.Â
#3 Risky Business
Falling prey to a phishing attack is far from the only poor employee security practice that puts companies at risk. Unrestrained web browsing is another. Accessing corporate resources via public Wifi is also a threat, as is the improper storing of documents and files. However, arguably, these all compare to the pervasive problem of bad password habits.
91%Opens a new window of people acknowledge the security risk inherent in using the same password for multiple accounts, yet 66% admit to doing it anyway. With password reuse, all a hacker needs to do is find a password that has already been exposed in a prior breach, and it’s only a matter of time before they can infiltrate company accounts. Creating weak or easily guessable passwords is another common user mistake, as the recent SolarWinds attack underscores. The incredibly simple password Opens a new window “solarwinds123†exposed a SolarWinds file server and may have contributed to one of the most serious security breaches in the U.S. history.
While it’s too soon to say if AI will evolve to address password security or offer a viable alternative, the good news is that solutions exist today that enable organizations to mitigate the risks of bad password practices. Screening credentials continuously against a live database of compromised passwords ensures that immediate action can be taken if a password is exposed, effectively blocking hackers from that threat vector.
Learn More: Why a Security-First Infrastructure Is Your Only Option in 2021
For decades, employees have been inadvertently exposing enterprises to attack, and the threat has remained constant even with the introduction of new technology innovations. As the AI evolution continues, I believe we may see the technology marketed to answer some of the human error challenges. Of course, as this happens, there will be new privacy and ethical concerns. Companies will have to determine how to strike the right balance between protecting sensitive data and assets and ensuring employees can be productive without jeopardizing security.Â
But one thing is clear: with cybersecurity solutions poised to remain a top area of investment, organizations can’t afford to ignore the threat of human error. There is both a demand and an opportunity for technology to address this issue, and organizations would be wise to embrace AI to mitigate the human risks.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!