AI & the enterprise: protect your data, protect your enterprise value

In 2018, I wrote an article asking, “Will your company be valued by its price-to-data ratio?” The premise was that enterprises needed to secure their critical data more stringently in the wake of data hacks and emerging AI processes. I wrote, “It may be even more important for the security team to protect and maintain the integrity of proprietary data to generate true, long-term enterprise value. This will require the adoption of new processes and products, many of which will be dependent on well-trained artificial intelligence-based technologies.”

Years later, here we are. Data is the engine that powers the corporate decisions we make; from the personalized customer experiences we create to the internal processes we activate and the AI-powered breakthroughs we innovate.

Reliance on this invaluable currency brings substantial risks that could severely impact an enterprise. Data theft leads to financial losses, reputational damage, and more. Likewise, compromised or tainted data can result in misguided decision-making, unreliable AI model outputs, and even expose a company to ransomware.

Data exfiltration in an AI world

It is undeniable at this point in time that the value of your enterprise data has risen with the growth of large language models and AI-driven analytics. This has made data even more of a target for bad actors and increased the damage resulting from malicious or accidental exposures. Sadly, this is the new reality for CISOs, with data exfiltration creating unprecedented risks. Stolen datasets can now be used to train competitor AI models. And with powerful AI techniques that extract deep details from stolen datasets, even small data losses can have seismic impacts.

Human error in data loss

Human error remains a critical weak link in data loss. For example, employees might inadvertently broadcast corporate secrets by inputting sensitive company information or source code into public-facing AI models and chatbots. Unfortunately, these human errors can lead to catastrophic data breaches that no policy or procedure can entirely prevent. Training and policy are critical, but mistakes can still occur, and no amount of training can change the behavior of a malicious insider.

Traditional Data Loss Prevention (DLP) solutions have been around for decades, but their adoption and effectiveness have been mixed. However, the new data theft risks in the AI era may finally push DLP into the spotlight. Modern DLP solutions are enhanced with AI capabilities and offer more automated, context-aware protection. They can better understand data patterns, user behaviors, and potential exfiltration scenarios. This evolution makes DLP more effective and less intrusive, potentially overcoming historical adoption barriers, although deployment complexity may still present a hurdle.

Risk of compromised data

Another major risk issue for executives is compromised data or data contamination. Imagine a hacker compromising a healthcare database and simply changing the blood type of every individual in a research study or the entire patient population. Models could be corrupted to produce inferior results, and in the worst case, patients could die. In any scenario, the results would be disastrous.

Data provenance could help safeguard against data contamination. The ability to trace data’s origins, movements, and transformations throughout its lifecycle is a crucial part of a CISO’s work kit.

Maintaining a clear audit trail is essential when data flows through multiple systems, is processed by various groups, and undergoes numerous transformations. Good data provenance helps identify the source of potential contamination and understand how data has been modified over time. This is an important element in regulatory compliance and data quality.

AI-native solutions have been developed that can track the provenance of data and the identities of those working with it. Advanced anomaly detection systems can identify unusual patterns in data access or modification, flag potential security breaches, or locate data contamination events in real-time.

Natural language processing can analyze and categorize data as it’s created or ingested, automatically applying appropriate security tags and access controls. AI companies and machine learning models can help detect data patterns and protect data sets.

Ransomware attacks

Recall the ransomware hack on MGM Resorts International hotel reservation systems, digital room keys, casino gaming systems, and restaurant point-of-sale systems. MGM shut down services across its Las Vegas properties for days. The company later estimated losses of $100 million due to the attack.

Similarly, in August 2023, Clorox was hit by a ransomware attack that disrupted its operations for weeks. The attack impacted its manufacturing systems, order processing, and inventory management, which resulted in product shortages and significant financial losses, estimated at $365 million in lost sales.

Combating these threats and protecting enterprise value, means businesses must prioritize safeguarding their data. Having a strategic data governance program that combines technological solutions with robust policies and employee education is a must.

Some of the new solutions available for enterprise executives to research include AI-powered threat detection, identity verification, zero-trust architecture, AI-enhanced endpoint protection, and AI systems to run automated incident response. These tools can detect, intercept, and shut down data attacks and work to rewind the data and systems to their prior good state. Having these protections and systems in place by the start of 2025 should be at the top of every CISO’s wish list.

Threat to enterprise value

Suffering through any of the scenarios presented above poses a serious threat to enterprise value. This may be reflected in short-term financial losses, like a sliding stock price or decreased market share, to lower customer retention rates and reduced ability to innovate. The long-term impact may eventually erode shareholder confidence and market position.

None of the prior risks contemplate the rise of quantum computing – they can all be achieved with the tools, techniques, and human behaviors present today. However, quantum computing will present a major market discontinuity, as all of today’s encrypted data can be easily compromised. Things will get worse.

What will your protection be against quantum computing attacks on your data? How long might it be before a hacker group unlocks your data and intellectual property, perhaps already harvested with or without your knowledge, and potentially uses that data for harm? As we move further into the AI era, companies must gain the ability to ensure data integrity, track its provenance, and control data access. Those who can do this effectively by leveraging advanced technologies will protect their data assets and, with them, their enterprise value.