The promise of artificial intelligence (AI) is bringing with it a gigantic whiff from many small and medium businesses (SMB) that are underestimating AI’s rapidly developing capabilities and the implications for their company’s data security.
AI’s seemingly instant entrance into our lives is already being compared to some of the biggest innovations in history. If it hasn’t already, AI will be intertwined into every corner of the business world, which raises an interesting question.
Is it friend or foe?
It’s both, and if your business isn’t paying attention you may be in for a few surprises. Let’s take a quick look at the pros and cons of AI.
- Efficiency and Automation. AI can automate repetitive tasks to free up valuable resources for other more important tasks.
- Data Analysis and Insight. It can analyze unbelievable amounts of data in seconds to drive better decision making around areas such as trends and customer behavior.
- Enhanced Customer Experience. Chatbots and virtual assistants underpinned with AI are getting smarter day. Customer service 24/7/365 is within reach of every business.
- Personalization. Armed with its data analysis capabilities, AI can tailor marketing, sales and service strategies to drive higher adoption and deeper customer relationships.
- Cost Savings. AI’s automation capabilities will drive down operational costs to improve resource allocation.
- Cybersecurity. Last but not least, AI will help businesses identify and respond to data breaches much quicker (more later in this article).
- Cost to Implement. AI requires enhanced technology and specialized knowledge that is in short supply today.
- Expertise. Finding and retaining people with AI skills will be a challenge.
- Data Privacy. There is concern that increased use of AI could lead to more issues of data privacy and security.
- Lack of Customization. Off-the-shelf packages may not be targeted enough for small and medium businesses.
- Integration Complexity. This has always been a problem with new technologies integrating with existing infrastructure, and AI is no different.
- Ethical Issues. This issue will have a long tail as AI continues to develop and be used for more needs inside a business. Read more later in this article.
AI’s ability to analyze large quantities of data in seconds is its calling card today. But it does so much more. We are not far away from it dramatically improving a company’s ability to monitor its own activities and actions with an eye toward identifying security breaches before they do damage.
But like anything new, it brings new and undiscovered threats to business that are, to be honest, a bit scary. And they all can impact an already shaky data security issue that many companies face.
We have identified six threats we believe small and medium businesses should be paying close attention to today regarding overall data security.
Increased Sophistication of Cyberattacks
How is it that cyber criminals always seem to be one step ahead of the cyber police? Well, AI gives the bad guys a new, lethal weapon that can disrupt a business in the blink of an eye.
There is a dangerous dance underway between technical innovation and business vulnerabilities that simply can’t keep up with the speed in which AI is changing. Criminals are investing in very targeted ways to utilize AI’s capabilities while businesses are scrambling to protect their assets from yet another wave of technical assaults.
Here’s the bad news: Many of today’s cybersecurity measures are no match for the intricate subtleties of AI-powered attacks and tricks. For example, a fast-growing e-commerce business falls victim to an AI-driven email phishing campaign that floods customers’ inboxes with fake communications that look real. They read just like they came from the company. The thieves easily skirted the conventional spam filters and turned a business bullish on the future into a company with a stained reputation and falling sales.
It could all happen in just a few hours.
Businesses need to be considering new strategies to combat the new wave of AI-supported security tricks.
Much is being done with AI-driven solutions for business security. Again, the bad guys are in front of the good guys so far, using AI to infiltrate in ways most of us couldn’t have imagined even a year or two ago.
Businesses will have to adopt defensive strategies with AI-driven technologies and capabilities in order to stay up with criminals. And it will come at a cost that is likely more than the business is spending on cyber security today.
Your business may require capabilities that predict incoming assaults before they become full blown breaches. Or you may need automated incident response capabilities that dramatically shorten the time between when an incident is discovered and when actions are taken.
Businesses must evolve their approach to cybersecurity. This might mean using managed security services with AI experience that can tailor services to their specific needs rather than (or in addition to) their existing internal resources. Small and medium businesses should also explore open-source capabilities and tools that could be a good way to quickly enter the world of AI-driven security.
Every action you take as a business has implications for the security of your data.
The foundation of AI in simple terms—at least as we know it today—is the ability to learn, predict and automate large amounts of data. There are many unintended consequences that could occur by unleashing AI on data. Think of a health care company that pulls information from vast datasets. It’s not unreasonable to think an AI-driven capability could inadvertently violate patient privacy regulations.
The consequences of data privacy breaches range from legal penalties to a loss of customer trust. With so many examples of data breaches in the last 15-20 years, it’s no surprise customers expect the company’s they deal with to have the highest level of security with their personal data. Businesses must employ stringent access controls and encryption to guard against data leaks. Along with strong controls on employee usage of data, companies must also invest in AI algorithms that guard against AI inadvertently divulging sensitive information.
Lack of AI Expertise
AI is here to stay. There is no time for a business to conceptually scratch its chin and ponder whether or not AI is real. It will develop and evolve much quicker than the internet, forcing businesses to adapt regardless of their skepticism or resistance.
Businesses will need two kinds of skills relative to AI: How to use data for growth and operations, and how to protect their data from those using AI to steal it.
Businesses will need to partner with external experts who can provide insights and guidance and, at the same time, invest in training employees on how to manage AI. It will need to be viewed as a critical capability as important as any capability in their business.
This has always been a slippery slope for businesses: How to manage the delicate balance between safeguarding the company against threats and respecting individual rights.
A simple example is using AI to monitor employee behaviors, everything from monitoring their access to data to deviations in communications. While we know many companies large and small have used some form of this tactic for many years, the addition of AI capabilities to this equation dramatically ramps up both the capabilities to monitor and the risk of doing it wrong. And imagine what will go through the minds of your employees when you tell them you will be using AI to “safeguard the company’s assets.”
Businesses will have to take on this challenge head-on by communicating openly about what is being done and encouraging open dialogues about how it will be implemented. Clear boundaries will have to be defined by the business so employees are crystal clear on its intent and scope.
Ethical Use of AI
The story of AI’s impact on security is not solely one of algorithms and data points. Businesses will have to wrestle with the implications of morality and responsibility to ensure their application of AI doesn’t cross a line.
AI is imperfect. It makes mistakes and sometimes those mistakes can cross ethical lines. There are examples where AI-driven capabilities such as chatbots learn through their interactions and data they are supplied but cross ethical lines in their communications. These mistakes can perpetuate biases that the chatbot learns from its interactions even though the company never intended that to happen.
Businesses that employ AI in their marketing and operations will have to prioritize ethics as a best practice in the development of these new capabilities. If not, they risk reputational damage as well as potential legal consequences.
What Actions Should a Business Take to Keep its Data Safe?
AI is coming to a small and medium business near you, and it is coming fast. Your competitors who adopt AI early will have a significant opportunity to create space between their company and yours.
As you analyze how and when AI should be implemented in your company, keep these 12 factors top of mind to ensure your data is as secure as it can be:
- Strong Access Controls. Access to data should only be given to those who need to use it.
- Update and Patch Software. This should be done regularly to ensure it is up to date.
- Internal Education. Make sure employees are trained on trends and best practices for data use and security.
- Regular Backups. To ensure quick recovery from a breach, this must be done in an offsite location or program.
- Use of Antivirus and Anti-Malware Software. This is your best first line of attack.
- Encrypt Sensitive Data. Encryption adds an important layer of protection.
- Firewall and Intrusion Detection Systems (IDS/IPS). These will allow you to monitor threats in real time.
- Incident Response Plan. Define steps to take in the event of a data breach.
- Monitor and Audit Systems and Networks. Do this continuously.
- Vendor Security Assessment. Have regular sessions with third party vendors to ensure their practices are best in class.
- Secure Physical Access. Limit access to technology equipment.
- Establish Strong Data Retention Policies. Make sure all employees understand company policies and the consequences if they are not followed.
Our recent article on what to do when a hacker comes calling provides more insight into how to protect your company from data theft.
While technology continues to amaze and, in most cases, delight us, don’t underestimate the capabilities of AI to be as much a foe as it is a friend.