Adopting machine learning and other AI technologies for risk management and security-oriented use cases offers valuable business benefits to organizations. Many AI-powered risk management tools rely on the mass computing scale achievable in the cloud, where large quantities of data can be analyzed and processed rapidly. But on-premises systems can also support the use of AI in risk management initiatives.
At a high level, risk management analytics applications that use AI can help organizations evaluate the following:
- Uncertain conditions or situations that pose potential risks.
- The likelihood of a particular condition or situation occurring based on available context.
- The effects the occurrence might have, i.e., the possible risk outcomes.
Risk management tools with AI functionality can also be integrated into cybersecurity threat detection efforts and security automation workflows. Additionally, they can help risk managers, security leaders and business executives make informed decisions during incidents, as part of the business continuity planning process and in other scenarios. AI technologies, such as natural language processing software, are particularly useful for analyzing text and other unstructured data.
Applications of AI in risk management
The most common use cases of AI supporting risk management and mitigation processes include the following:
1. Threat intelligence analysis
In organizations, threat intelligence data provides perspective on things such as attacker sources, compromise indicators, behavioral trends related to cloud account use and attacks against various types of cloud services. Threat intelligence feeds can be aggregated, analyzed at scale using machine learning engines and processed for likelihood calculations and risk predictability models. With the escalation of cloud account hijacking attacks and ransomware infections, more rapid analysis of data and predictive intelligence could prove invaluable to security teams in managing risks.
2. Security information and event management
Log data and other records of security events are being produced in enormous quantities. To head off cybersecurity risks, security teams need to quickly recognize specific threat indicators, see patterns of events as they occur and spot events happening in both cloud and on-premises environments. As part of SIEM processes, machine learning and AI can augment massive event data processing technology to build more intelligent detection and alerting capabilities. Microsoft Sentinel is an example of a cloud-based SIEM tool that includes machine learning and AI features.
This article is part of
3. Fraud detection
For financial services firms and insurers, fraud detection requires an enormous number of inputs and data types, as well as intensive processing. AI systems and machine learning engines can help detect fraudulent transactions and activities by assisting with text mining, database searches, social network analysis and anomaly detection techniques that are coupled with predictive models at scale. This could also be extended to things such as fraudulent use of cloud services — for example, a phishing attack from a hijacked Microsoft 365 account.
4. Workplace risk reduction
One of the common types of business risks involves the people who work for an organization. AI and machine learning models can process and analyze data related to workforce activities in high-risk environments where accidents can be dangerous or even fatal. AI algorithms can evaluate behavioral patterns noted before accidents occur and generate predictive scenarios to help improve safety procedures and prevent incidents. They can also help in managing other forms of people risk, such as identifying illegal or unethical behavior by employees through analysis of emails or other communications.
5. Data classification and monitoring
Based on known content types and patterns, AI-based analytics engines can process all the data uploaded and created in a cloud environment to classify and tag it based on predefined policies. This helps risk management and compliance professionals identify sensitive data that needs strong security protections. The tools can then monitor the data for appropriate protections and access controls. Amazon Macie is an example of a cloud service that uses AI for this purpose.
Challenges of AI in risk management
Even with these benefits, there are two potentially major drawbacks to using AI in risk management processes.
The first is cost. It’s expensive to process and analyze large amounts of data, even when using cloud-native services. The specialized AI services that are required for risk management applications can also cost a lot to use.
The second is privacy. Many risk managers and security leaders are concerned about data privacy issues with AI and machine learning. If personal data is used inappropriately by AI tools, a company could face compliance, legal and reputational risks. As a result, data that organizations upload into cloud services for risk management uses might require data protection controls such as encryption, transport security, tokenization and obfuscation.
While most data storage services from the major cloud providers offer such controls, that isn’t necessarily the case with specialized AI and machine learning services such as Amazon SageMaker, Amazon Rekognition, Azure Machine Learning, Azure AI and Google Cloud’s Vertex AI. For example, not all of these services can use existing encryption key management and usage controls that organizations have deployed, so the data loaded into them could be at risk of exposure. The geographic location of sensitive data used in machine learning and AI operations is also a major regulatory compliance concern.
Future of AI in risk management
Despite the issues discussed above, AI likely will play an even bigger role in enterprise risk management programs going forward. As the use of cloud-based AI and machine learning services becomes more commonplace, risk management teams will continue to benefit from the rapid analytics processing of large data sets, removing many limitations of the more manual risk analysis and risk management processes of the past. Generative AI technologies might also contribute to risk management initiatives by aiding in tasks such as data monitoring, risk assessment and communication with stakeholders.
Dave Shackleford is the founder and principal consultant with Voodoo Security, as well as a SANS analyst, instructor, and course author and GIAC technical director.