By Charles Eagan, Chief Technology Officer at BlackBerry
Malware, phishing and ransomware are constantly keeping security teams on their toes. But there is one risk to data security that cannot be stopped by cybersecurity software: human error.
Unlike malicious threat actors, human error doesn’t come and go as trends in the cyber landscape change. It is true of data breaches throughout history: indeed, a CybSafe study found that human error caused 90% of cyber data breaches in the UK during 2019. For organisations looking to protect intellectual property, or shield customer data, human error is the most dangerous threat of all. And yet, it appears to have no foolproof solution, or remedy available to buy from a cybersecurity vendor.
Humans are naturally prone to making mistakes. Such errors are increasingly impactful in the workplace, but human error in the realm of cybersecurity can have particularly devastating and long-lasting effects. As the digital world becomes more complex, it becomes much tougher to navigate – and thus, more unfair to blame humans for the errors they make. Employees should be given as much help and support as possible.
But employees are not often provided with the appropriate security solutions, so they resort to well-intentioned workarounds in order keep pace and get the job done. As data continues to flow faster and more freely than ever before, it becomes more tempting to just upload that document from your personal laptop, or click on that link, or share that info to your personal email.
Take, for instance, one of the most common security problems: phishing emails. An employee might follow instructions in a phishing email not only because it looks authentic, but that it conveys some urgency (usually from a manager or someone else of importance). Employee training can help reduce the likelihood of error, but solving the technological shortcoming is more effective: if a phishing email is blocked from delivery in the first place, we can help mitigate the human error factor.
This is where artificial intelligence (AI) can be a game-changer. We already use AI to simplify our home lives, using it to perform a variety of tasks, from turning on lights, to playing our favourite music. But if AI solutions are deployed in the workplace, we can help address the biggest elephant in the IT room: data security.
Data security is a major area of concern, and it’s likely the leading cause for lost hours – and lost sleep – for security and IT professionals. According to a recent survey of over 500 IT professionals in the financial services industry, a whopping 94% said that they lack confidence in the ability of employees, consultants, and partners to safeguard customer data. And because cybersecurity is a complex domain – with many unknowns and moving parts – the rigid, conventional solutions can’t be effective. However, AI solutions can learn, adapt, and dynamically react to an organisation’s cybersecurity needs.
Not to worry, though – this is a far cry from the sensationalistic sci-fi scenes of a robot takeover. Yes, AI can solve complex problems with a level of consistency and speed that’s unmatched by human intelligence. But it can’t replace human intelligence where it’s needed most: we must choose the right problems to solve. Once we identify this, we can start collecting the right data, designing the right solution, and creating the right processes for our AI solutions to adapt, learn from feedback, and produce results.
AI can also provide employees with more time to tackle the impactful tasks of the business. Consider the case of phishing emails again: Even if the employee properly deletes that email, they’ve still spent valuable time in security training sessions, and in evaluating that email for potential threats. With an AI-based solution that detects phishing emails before they’re delivered, the employee’s time and efforts can be much better spent.
If AI can eliminate human error from businesses, will humans still be valuable to organisations? Of course – and their value will be vastly increased, too. AI helps to augment human intelligence, by taking on the low-level tasks and conducting the meticulous checks that the current cybersecurity landscape requires. This gifts humans more time to achieve their full potential in their role, from solving problems using critical thinking, to developing creative ideas from insights. For organisations, this is the ultimate in added value – not only can human error be reduced, but the true potential of teams is finally unlocked.