Why AI in cybersecurity needs to be part of business strategy to boost resilience – Forbes India


According to Surfshark, India ranks second in the world (as of 2022) when it comes to the number of data breach cyber-attacks on its enterprises and ranks 14th globally in average data breach costs. Here, the term 'data' refers to any information impacting an enterprise's effective business continuity (BC). More specifically, India's average data breach cost in 2022 amounted to a record high of Rs17.6 crore (approximately $2.2 million), a 6.6 percent increase from Rs16.5 crore in 2021 and a 25 percent increase from Rs14 crore in 2020 (as reported by the IBM Security Data Breach Report of 2022 that analysed data breaches affecting more than 550 companies in India). Moreover, India's average per-record data breach cost reached an 11-year high of Rs6100, a 3.3 percent increase from Rs5900 in 2021 and a 10.4 percent increase from Rs5522 in 2020.

According to Viswanath Ramaswamy, the Vice President of IBM Technology Sales and IBM India/South Asia, "cyber-attacks are the biggest challenge to enterprise cyber-resilience in India". Ramaswamy also goes on to say that the three factors that majorly contribute to the (multi-party) costs incurred by companies due to data breach-related cyber-attacks are

In addition to this, less than 35 percent of cyber-security expertise slots are filled up, out of which some are entry-level security analysts who take time to develop the skills, confidence, and intuition to investigate data breach cyber-attacks.

Moreover, on the psychological front, many cybersecurity personnel suffer from job fatigue. This is due to

Finally, it is well-documented and widespread knowledge that approximately 95 percent of enterprise cyber-breaches are initially rooted in 'human in the loop' issues.

All these factors add up to the likelihood that a cyber-security expertise team within an enterprise would be an important indicator of enterprise compromise by cyber-attack vectors. According to the IBM Security Data Breach Report of 2022, an Indian enterprise, on average, can save Rs10 crore (approximately $1.2 million) if it can detect a cyber breach in less than 200 days compared to when it detects in more than 200 days.


1. To start, AI has the power to automate repeatable tasks, contributing to less fatigue of personnel/employees in enterprise security operation centres (ESOCs). This will result in enterprises 'hedging' cyber-risks arising from the lack of focus of such personnel to identify important indicators of cyber-compromise. Moreover, as a related but significant benefit, AI will help enterprises precisely identify the root cause of a cyber-attack from several compromise indicator features, something that is computationally infeasible for humans in ESOCs to routinely identify accurately and that too in the ever-increasing threat landscape. The last point is even more relevant today in the age of generative AI products such as ChatGPT that can create human-evading malware signatures on the fly.

2. In the process of generating effective true-positive cyber-attack alarms, AI has the power to dig out 'complex' statistical relationships not only between compromise indicator variables (for both internal and external enterprise cyber-threats) but also between incidents (that might have occurred far in the past) that might look un-related to the gut-feeling driven human eye.

3. Unlike human intelligence, AI can effectively parse the entire space of structured, unstructured, and noisy threat-related data to output crisp and concise information needed for ESOC personnel to evaluate and optimise cyber-resilience metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).

4. While points 1, 2, and 3 above showcase the accuracy of AI solutions, speed is the other critically important factor distinguishing AI from human (expert) intelligence. The power of AI can be leveraged at speed, especially on real-time cyber-threat data, to conduct (real-time) data mining and (un-)supervised learning for generating accurate threat intelligence at speed. On an overarching note, AI will guide ESOC personnel (analysts) to fast, precise and automated cyber-resilience, improving incident response spanning an enterprise's people, process, and technology spectrum.

The bottom line is that the Indian enterprise can save a lot more (probably a multi-fold of $1.2 million, as mentioned above) if it can leverage the power of AI to analyse and detect cyber threats accurately with low false alarms within a period much less than 200 days. This is simply because the existing cost estimates are conservative and exist only for reported threats, of which the reported quantity is far lesser than the actual number of threats reportable, and reducing reporting time is of essential financial value to an enterprise.

A very good real-world example of this is the use of AI in its cyber-security processes by Trellix (erstwhile McAfee Enterprises) since 2020 to alert its customers (via their software products) on cyber threats, predict their impact, and prescribe corrective action. Since the use of AI as a cyber-security strategy on their High-Velocity Sales (HVS) platform, Trellix has boosted its initial potential client interests 10-fold, had a 5 percent increase in renewal rates, and had a three-fold increase in the amount of time managers could afford to spend to coach their sales team members on boosting sales.

One might be inclined to believe (from the Trellix example) that the returns and competitive business risks of adopting and not adopting AI in cyber-security processes are quite high from a sales perspective. This point can be rationalised by seminal academic theory in the strategic management sciences. Based on insights from the widely popular Five Forces strategy model by Michael Porter of the Harvard Business School, the threat of new entrants (Trellix competitors), product substitutes (competitor products churned from AI-driven platforms like HVS), high bargaining power of customers (clients of Trellix-like products), and low bargaining power of suppliers (Trellix) should push enterprises to necessarily adopt AI as a cyber-security strategy to boost sales.

However, when it comes to enterprises (not necessarily only those having a cyber-security vision), it is not directly evident that incorporating AI as a cyber-resilience-improving strategy within business processes will boost sales, especially for small and medium businesses (SMBs). This is because

Second, the service-selling enterprise could be a hardware, software, and/or firmware supplier that has locked in a set of enterprises as customers (in a supply chain). One example of such an enterprise includes AWS, which provides a public cloud service as its business operation. Another example could include critical infrastructure enterprises reliant upon each other to sustain business continuity (e.g., a manufacturing company depending on a power grid and vice versa). In such cases, to prevent churn, remain profitable, and sustain market competition, the supplier enterprise must spend enough on AI to gather client environment data (applications, processes using supplied solutions) that 'minimises' the likelihood of business disrupting malicious intruder entry into (IT/OT) systems. Essentially, the supplier enterprise must ensure their systems remain securely online to prevent business disruptions for both their clients and them by ensuring there is no malicious entry from any endpoint. An example of such AI is a real-time system orchestrated AI solution such as ScadaShield (by Cyberbit), that performs continuous monitoring and detection across the entire attack surface for both IT and OT components and can be combined with ESOC automation to trigger workflows that accelerate cyber-attack root cause identification and mitigation.

Third, the enterprise selling services could primarily be a solution consultant that provides its clients (e.g., general IT and/or OT-driven enterprises) security software as a service (SSaaS/SECaaS), where the selling enterprise (e.g., CrowdStrike, Trellix) can make profits, both out of the software/firmware/hardware components and their integration. In such cases, the enterprise must spend on AI that collects and analyses information within the supplying enterprise's and client businesses' systems to prevent churn and remain competitively profitable in the market. The former protects the supplying enterprise from any malicious cyber intruders by analysing usage information and other data. In contrast, the latter protects the enterprise's clients by analysing the client's cyber posture information to generate effective alerts. The bottom line is that enterprises selling such products want to use AI to improve sales efficiency, improve customer relationships, and decrease costs. This requires the use of advanced AI tools to increase sales effectiveness. An example of such AI is that available on the XDR platform of Trellix that leverages AI, (real-time) machine learning, and advanced telemetry based on threat intelligence from more than one billion sensors across corporate and government enterprises to reduce malicious intruder probabilities and boost enterprise cyber-resilience significantly.

On top of everything, AI as a business strategy for the modern IT/OT-driven business ecosystems has the potential to adhere very well with certain elements of the seminal Eight-Fold strategy proposed by Michael Cusumano of the MIT Sloan School of Management for software-driven businesses, especially those offering pioneering solutions (cyber-security as a service). More specifically, enterprises providing cybersecurity-as-a-service

The authors would like to acknowledge Keri Pearlson of the MIT Sloan School of Management for her strategic insights from her research on cyber-security as a competitive business advantage.

Ranjan Pal (MIT Sloan School of Management, USA), Cynthia Zhang (EECS, Massachusetts Institute of Technology, USA), Bodhibrata Nag (Indian Institute of Management Calcutta, India), Michael Siegel (MIT Sloan School of Management, USA)
