Security
December 28, 2022
November 18, 2024

The Call is Coming From Inside the House

Rachael Greaves explores how AI is transforming the way organisations manage data risk, focusing on reducing the impact of breaches by automatically identifying and protecting the most sensitive data.

Security and privacy breaches are accelerating, and the external forces we have been applying to slow the rate are hardly making an impact. The traditional treatment of risk – to try to reduce the likelihood – can never be the complete answer.  

Some breaches are the result of targeted attacks by bad actors. But most breaches originate from ‘trusted insiders’. In some cases, they can be compromised by bad actors. And in many more cases, they can be reckless, or feckless, and spill data by accident. We can reduce the likelihood by careful hiring, training, and observation. But we can’t eliminate it.

Risk is a product of likelihood and impact. Something can have an extremely low likelihood of happening, like your parachute failing. But if the impact of that failure is catastrophic, then the risk itself is not low.  

We can vet and monitor staff so that there is a low likelihood that they will breach our security. But if that once-in-a-blue-moon spill is of our most sensitive data, the impact will be disastrous. So even with the best personnel and perimeter security, more challenging than ever post-pandemic, we can’t manage the risk to an acceptable level.  

What we must do, and can now do using Artificial Intelligence (AI), is reduce the impact.  

That means knowing where our highest-risk data is and who is doing what to it. We need to allow people to work and collaborate effectively, but limit their access to the riskiest data. ‘Risk’ can be many things, not just security-classified data or Personally Identifiable Information, and to date it has been hard to quantify. We have relied on individual staff to understand what ‘risky data’ looks like, and to mark or label everywhere it appears. But AI is changing this.

  • One (Unclass) Federal Department has identified a range of specific topics in their business that would have adverse outcomes for international relations, for example, if spilled into the public domain. As such, it has used AI to automatically detect any instances of those across the network.    
  • One State Government department has used AI to find everything related to sexual assault across their legacy child protection databases, detecting 60,000 flags in previously unsearchable systems, so that they can be preserved and properly protected. 
  • One University has used AI to map its secrecy obligations under Acts and Regulations, to identify which data would have civil or criminal penalties for unauthorised disclosure.
  • And many Councils, regulators, and critical industry providers are now using AI to identify spills specific to their risk context, so they can be immediately treated.

With AI we can now know what we have, where it is, and its inherent risk (based on its content, not just a label). We know who is interacting with it, and importantly, what business and regulatory rules apply to it (and whether they are being met). We can do this automatically, invisibly, across the enterprise.  

Ultimately, it means we can harden (or dispose of) the riskiest data, significantly reducing the impact of an inevitable breach.    

This article by Rachael Greaves was originally published in Security Brief Australia