How AI helps businesses enhance information security

December 28, 2018 13:07
An employee works inside a server room at a company. Businesses should guard against cyber-security threats from outside and should also watch out for potential risks from within the organization, an expert says. Photo: Reuters

Hong Kong has seen multiple data breaches and hacking incidents during the year, prompting worries that cybercrimes are posing a growing threat to businesses and organizations.

The Hong Kong Economic Journal recently sat down with information security expert William Tam, Director of Sales Engineering, APAC, at US-based data protection services firm Forcepoint, to discuss the cyber-security threats and how latest technologies like artificial intelligence can help companies protect their data.

HKEJ: We understand that Forcepoint recently published the “Forcepoint Cybersecurity Forecast Report for 2019,” and in the report, you highlighted the latest market trend in artificial intelligence (AI). Can you elaborate on that?

Tam: In the report, we mentioned that companies are now analyzing and looking at AI technology calmly, seeking to utilize the technology. Previously, businesses have deployed AI technology to handle security incidents in enterprise systems, such as problems found in server log files. However, as a number of major information security incidents happened during the year, we can see that AI, in fact, cannot solve all the problems in cyber-security. AI technology-powered solutions require expert adjustment and optimization.

Q: What role does AI play in network security? What are the benefits and costs for businesses to deploy AI in cyber-security measures?

A: At present, AI has two major applications for information security. The first is to find out the anomaly in the system, that is, to observe the abnormal user behavior from investigating the huge network data of the business; the second is find out the trend that enterprises should pay attention to, by looking into the data generated by the system’s firewall.

AI technology is like a double-edged sword. In fact, we expect that it will be common for hackers to deploy AI technology by next year, lowering the advantage a business can have with AI-powered security system. There have been reports saying that hackers have used AI technology to generate new types of phishing emails and URLs for scams. Of course, if there are countries or consortia behind the scenes supporting hackers, they may be capable of attacking businesses with more advanced AI technology.

Q: What threats will this bring to network security in the future?

A: As countries nowadays are establishing trade barriers with others, normal technology exchanges and communication around the globe are becoming increasingly difficult.

From our discussions with our clients, we found that they often have the misunderstanding that the threats of hacking and data breaches are coming only from outsiders. In fact, in addition to monitoring external attacks, we must also put attention on internal employees, particularly those involved in new products and technologies in enterprises focusing on research and development, as well as the intellectual property for those products and technologies.

We have seen recently that Tesla employees have exposed confidential business information because they were dissatisfied with the company. The way the company treats its employees can result in great harm to the company itself.

Q: How can companies guard against internal cyber-attacks?

A: Tech firms and startups today generally give researchers rights to access internal confidential information anytime, anywhere, in order to speed up the research and development process.

From the perspective of system security, we recommend that businesses analyze risk by observing employees’ abnormal behavior. For example, a researcher sends company files to personal USB memory sticks in private; that is a "red light". Second, we suggest companies look into the tone used in employees’ daily email communication, which can also help assess the risk.

Forcepoint’s US office has been equipped with the technology to detect the tone employees use in their emails, and even check for potential workplace violence incidents, as well as whether an employee is preparing to change his or her job.

Another example is that companies can gather anonymous data from employees with a low score in their performance appraisal; those employees are likely to have a low mood. By doing so, companies can have an earlier preparation against the risk of internal cyber-attacks.

This article appeared in the Hong Kong Economic Journal on Dec 28

Translation by Ben Ng

[Chinese version 中文版]

– Contact us at [email protected]


Hong Kong Economic Journal