As our businesses become more digital in all dimensions, high-profile information security breaches are making the news headlines with increasing frequency. The recently announced card-hacking activity at online travel service Orbitz is just one of the latest examples. On March 20, Orbitz announced a security breach that exposed information derived from at least 880,000 customer payment cards. The breach took place between October and December 2017 involving customer transaction records dating from 2016 and 2017. Although data captured on Orbitz.com was not affected, the company advised customers using Orbitz travel services within the past two years to check their credit and debit card billing statements from this period and to contact their banks if fraudulent charges were identified.
At-risk organizations around the world are increasing their investments in cybersecurity protection. According to Gartner, worldwide cybersecurity spending will climb to US$96 billion in 2018. Unfortunately, some of this spending is not aligned with actual security threats and their known sources. Surveys continue to show that solutions such as network antivirus, malware detection, and website firewalls continue to receive the most investment, although misuse and abuse of user credentials is the most common source of data breaches.
The reasons for persistent misalignment of security breach causes and remediation solutions are not well documented. One of the reasons may be the proliferation of specific security tools in IT departments over a fair number of years. The fact remains that human (mis)behavior confounds, supersedes, or works around many of the go-to security technology “fixes.”
With regard to this gap, a number of interesting findings were revealed in a recently released Dow Jones Customer Intelligence study (learn more in “CEO Disconnect on Cybersecurity Increases Risk of Breaches”). Among other revelations, this study found that:
- 55% of responding CEOs admit their organizations have experienced at least one breach, while 79% of CTOs acknowledge breaches have occurred. One in four CEOs (24%) was not aware whether their companies have had even a single security breach.
- 62% of CEOs surveyed inaccurately identified malware as the primary threat to cybersecurity integrity.
- 68% of responding executives whose companies experienced “significant” breaches now believe that these incidents could have been prevented by more mature identity and access management strategies.
One of the most valuable findings from this study was that CEOs can reduce the risk of a security breach by improving their identity and access management capabilities. Nevertheless, 62% of the responding CEOs said they believe that “multi-factor authentication” is difficult to manage. Thus, a related primary concern of these CEOs is how to avoid delivering poor user experiences with an increase in user security controls.
In the context of this general misunderstanding, machine learning approaches can help strengthen the foundation of authentication and screening techniques to improve security effectiveness without complicating user experiences.
Role of machine learning in preventing major security issues
Machine learning tools can help resolve an ongoing dilemma faced by many organizations. The problem is, we spend millions of dollars each year to strengthen information security, yet experience major breaches that threaten our stability and ability to grow. Thus, we continue to look for better answers.
It turns out there are many ways machine learning can be used to help improve enterprise security. With identity authentication and password authorization being primary points of attack, there are several ways machine learning can be leveraged to help minimize data breach incidents.
In Part 2 of this series, we’ll examine some key examples of machine learning applied to user access authorizations that improve information security. In addition, we’ll highlight some related areas in which machine-learning security capabilities are being embedded today.
The SAP GRC team will be exhibiting at several events related to cybersecurity this year. We hope you’ll join us there.
- ISACA GRC Conference – August 13-15 Nashville, Tennessee, USA
- SAPinsider Cybersecurity for SAP Customers – June 27-29 Prague
This article originally appeared on the SAP Analytics blog and is republished by permission.