IBM study reveals how AI, automation protect enterprises against data breaches

The extra built-in AI, automation and menace intelligence are throughout tech stacks and SecOps groups, the stronger they make an enterprise against breaches. Follow-on advantages embody better cyber-resilience, and spending much less on data breaches than enterprises with no AI or automation defenses in any respect.

IBM Security’s 2023 Cost of a Data Breach Report offers compelling proof that investing in AI, automation and menace intelligence delivers shorter breach lifecycles, decrease breach prices and a stronger, extra resilient safety posture company-wide. The report is predicated on evaluation of 553 precise breaches between March 2022 and March 2023.

The findings are excellent news for CISOs and their groups, lots of whom are short-staffed and juggling a number of priorities, balancing help for brand new enterprise initiatives whereas defending digital workforces. As IBM discovered, the common whole price of a data breach reached an all-time excessive of $4.45 million globally, representing a 15% enhance over the past three years. There’s the added stress to establish and comprise a breach quicker.  

IBM’s Institute for Business Value study of AI and automation in cybersecurity additionally finds that enterprises utilizing AI as a part of their broader cybersecurity technique think about gaining a extra holistic view of their digital landscapes. Thirty-five p.c are making use of AI and automation to find endpoints and enhance how they handle belongings, a use case they predict will enhance by 50% in three years. Endpoints are the right use case for making use of AI to breaches due to the proliferating variety of new identities on each endpoint.

Why AI must be cybersecurity’s new DNA 

Scanning public cloud situations for gaps in cloud safety (together with misconfigurations), inventing new malware and ransomware strains and utilizing generative AI and ChatGPT to fine-tune social engineering and pretexting assaults are only a few of the methods attackers attempt to evade being detected.

Cybercrime gangs and complex superior persistent menace (APT) teams actively recruit AI and machine studying (ML) specialists to design their Large Language Models (LLM) whereas additionally searching for new methods to deprave mannequin data and invent malware able to evading the present technology of menace detection and response programs beginning with endpoints.

CISOs want AI, ML, automation and menace intelligence instruments in the event that they’re going to have an opportunity of staying at aggressive parity with attackers. IBM’s report offers compelling proof that AI is delivering outcomes and must be the brand new DNA of cybersecurity.  

Integrating AI and automation decreased the breach lifecycle by 33% or 108 days

IBM discovered that enterprises that superior their integration of AI and automation into SecOps groups to the platform degree are lowering breach lifecycles by one-third, or 108 days. That’s a big drop from a mean of 214 days. The common breach lasts 322 days when a corporation isn’t utilizing AI or automation to enhance detection and response. 

Extensive use of AI and automation resulted in 33.6% price financial savings for the common data breach.

Integrating AI and automation throughout a tech stack to achieve visibility, detection and obtain real-time response to potential intrusions and breaches pays off. Organizations with no AI or automation in place to establish and act on intrusions and seashores had a mean breach price of $5.36 million.

Enterprises with in depth AI and automation integration supporting their SecOps groups, tech stack and cyber-resilience methods skilled far inexpensive breaches. The common price of a breach with in depth AI and automation in place averaged $3.6 million. That’s a compelling sufficient price financial savings to construct a enterprise case round.

Despite the benefits, simply 28% of enterprises are extensively integrating AI and automation

Given the positive factors AI and automation ship, it’s stunning that almost one-third of enterprises surveyed have adopted these new applied sciences. IBM’s staff additionally discovered that 33% had restricted use throughout only one or two safety operations. That leaves 4 in 10 enterprises counting on present and legacy technology programs that attackers have fine-tuned their tradecraft to evade.

In one other study, 71% of all intrusions listed by CrowdStrike Threat Graph have been malware-free. Attackers shortly capitalize on any hole or weak point they uncover, with privileged entry credentials and identities being a major goal, a key analysis discovering from CrowdStrike’s Falcon OverWatch Threat Hunting Report. Attackers more and more use AI to evade detection and are centered on stealing cloud identities, credentials and data, in accordance with the report. This additional reveals the necessity for clever AI-driven cybersecurity instruments.

Gartner’s 2022 Innovation Insight for Attack Surface Management report predicts that by 2026, 20% of corporations (versus 1% in 2022) may have a excessive degree of visibility (95% or extra) of all their belongings, prioritized by threat and management protection. Gartner contends that cyber asset assault floor administration (CAASM) is critical to deliver an built-in, extra unified view of cyber belongings to SecOps and IT groups, CAASM stresses the necessity for integration at scale with secured APIs.

IBM’s study reveals that SecOps groups are nonetheless dropping the AI battle.

The majority of SecOps groups are nonetheless counting on guide processes and have but to undertake automation or AI considerably, in accordance with the report. There is a significant disconnect between executives’ intentions for adopting AI to enhance cybersecurity and what’s occurring.

Ninety-three p.c of IT executives say they’re already utilizing or contemplating implementing AI and ML to strengthen their cybersecurity tech stacks, whereas 28% have adopted these applied sciences. Meanwhile, attackers are efficiently recruiting AI, ML and generative AI consultants who can overwhelm an assault floor at machine pace and scale, launching every part from DDOS to utilizing living-off-the-land (LOTL) strategies that depend on Powershell, PsExec, Windows Management Interface (WMI) and different frequent instruments to keep away from detection whereas launching assaults. 

“While extortion has mostly been associated with ransomware, campaigns have included a variety of other methods to apply pressure on their targets,” writes Chris Caridi, cyber menace analyst for IBM Security Threat Intelligence. “And these include DDoS attacks, encrypting data, and more recently, some double and triple extortion threats, combining several of the previously seen elements.”

This also needs to be thought of with the proliferation of deepfakes. Zscaler CEO Jay Chaudhry was the current goal of a deep pretend assault. Chaudhry advised the viewers at Zenith Live 2023 about one current incident by which an attacker used a deepfake of his voice to extort funds from the corporate’s India-based operations.

In a current interview, Chaudhry stated, “This was an example of where they [the attackers] actually simulated my voice, my sound … more and more impersonation of sound is happening, but you will [also] see more and more impersonation of looks and feels.” Deepfakes have turn into so commonplace that the Department of Homeland Security has issued the information Increasing Threats of Deepfake Identities. 

AI discovers anomalies at scale and machine-level speeds

AI and automation ship measurable ends in bettering safety personalization whereas implementing least privileged entry. SecOps groups with an built-in AI and automation tech stack are quicker at figuring out and taking motion on anomalies that would point out an intrusion or breach.

AI and ML excel at analyzing large volumes of system and person exercise data that energy menace intelligence programs. IBM discovered that when a menace intelligence system has real-time data analyzed by AI and ML algorithms, the time to establish a breach is decreased by 28 days on common.

Breaches price much less if SecOps groups discover them first

AI additionally pays off by serving to SecOps groups establish the breach themselves versus ready for an attacker to announce the break or having legislation enforcement inform them. When SecOps groups can establish the breach, they save practically $1 million. The study additionally in contrast mean-time-to-identify (MTTI) and mean-time-to-contain (MTTC), discovering that in depth integration of AI and automation decreased each. 

Keep AI, automation, and menace intelligence within the context of zero belief

Zero belief assumes a breach has already occurred, and each menace floor must be frequently monitored and secured. As the IBM study reveals, AI, ML and automation are proving efficient in offering real-time menace intelligence. 

During a current interview with VentureBeat, zero belief creator John Kindervag suggested that “you start with a protect surface. I have, and if you haven’t seen it, it’s called the zero-trust learning curve. You don’t start with technology, and that’s the misunderstanding of this. Of course, the vendors want to sell the technology, so [they say] you need to start with our technology. None of that is true. You start with a protect surface, and then you figure out [the technology].” 

Kindervag’s recommendation is properly taken and displays how efficient AI, ML, automation and menace intelligence might be deployed and ship outcomes at scale. Kept in a zero belief context of defending one menace floor at a time, as Kindervag advises, these applied sciences ship worth. 

VentureBeat’s mission is to be a digital city sq. for technical decision-makers to achieve information about transformative enterprise know-how and transact. Discover our Briefings.