[Column] Jon Tullett: Assessing impacts - The meteors of security and AI

A 2018 study found that the illicit proceeds of global cybercrime had reached $US1.5 trillion annually. Norton Security estimated that by 2023, a total of 33 billion records would be stolen each year. Internet of Things (IoT) attacks increased by 600% and Microsoft cloud user accounts saw a 300% increase in cyber attacks, over the past year. It is little wonder that worldwide spend on security-related hardware, software, and services are forecast, by IDC, to reach $US103.1 billion in 2019. There is a need for a new security paradigm that makes greater use of emergent technologies and is more agile and effective than in the past.

“The security challenges and requirements for business 2.0 require far greater use of analytics and machine learning to identify the baseline behaviours of people, applications and infrastructure,” says Jon Tullett, Research Manager for IT Services, IDC South Africa. “This will allow for rapid responses to potential threats and makes better use of cloud technologies – both public and private – to build out an in-depth defence that is consistent with oversight within the organisation.”

Incident response will always be a part of security, but the sad reality is that it is also always behind. That said, the next generation of cloud technologies and analytics can greatly improve security capabilities and help organisations overcome that sense of always being left behind. While there will be a new generation of threats loping casually beside – and ahead – of technology’s evolution, the measurements that assess the efficacy of a security system should be around response times. Did the business respond faster than it did in the past?

“A much faster and more agile infrastructure needs new thinking about policies and compliance,” says Tullett. “Orders of magnitude increase in data transactions and volumes require different ways of thinking about protection and threat mitigation. This is further affected by the fluidity of on-demand applications and API access as they increase the number of unpredictable types of access to systems that were, in the past, easy to secure.”

Going forward, security must place scale and agility at the centre of design thinking and planning. The security team has to build capability that allows them to move faster and take more effective and decisive action with greater insight and confidence. Today’s security products aren’t ready for this. What’s needed is a next generation set of thinking and tools that are in line with the technologies that preceded them.

“This isn’t an incremental change,” adds Tullett. “Most of today’s security tools and many of today’s security companies probably will not survive to see the next generation of business. The changes that are coming are going to have a disruptive impact on market, business and security thinking.”

Of course, in the meteor shower of disruption, it’s hard to avoid the conversation of artificial intelligence (AI). Every organisation and individual want to know what impact of this technology will have on the organisation. The reality is that the changes it will make to life and business will be fairly mundane.

“It will offer better insights, efficiencies and more confident decision-making, sure,” says Tullett. “There will be outliers where an AI model will create a completely new business or achieve an unheard-of improvement, but they will be the black swans. There will also be some businesses that may be dramatically impacted by AI in the next five to ten years, but it will be limited within a niche. For most the future is mundane improvements, for that niche, the disruption will be severe.”

Perhaps the question isn’t the impact of AI but rather the impact of not investing in AI. Can the organisation afford not to make a move towards a technology that has proven results and delivers improvements to the bottom line?

“If your competitors are improving their customer experience and gaining efficiencies, you have to keep up,” concludes Tullett. “The good news is that a lot of AI won’t require separate investment. All the enterprise software vendors have a plan to leverage AI capabilities within their products so they will be a subscription service for most customers. And that will effectively answer both questions.”

Security will be one of the key topics at the IDC CIO Summit 2019, taking place at Fairmont Zimbali Resort on the KwaZulu-Natal North Coast today.

Jon Tullett is the Research Manager, IT Services, IDC South Africa