Due to the increasing dependence of digitalteachnologies to conduct operations, cybersecurity became important due tocyber risk or incidents. Cyber risk a company may face includes remediation costfor stolen assets or information as well as the repair cost of system damagethat may have been caused, an increase it budget on cybersecurity, lost revenuefrom unauthorized use of proprietary information, litigation and mostimportantly reputation damage that deters customers or investors.
Since 2011, the Security and ExchangeCommission (SEC) has established the CF Disclosure Guidance: Topic no.2 to makecompanies disclose their obligations relating to cybersecurity risk and cyberincidents, the third line of defense from cyber attacks have fallen to thehands of internal audits. As an internal audit, several responsibility that isgiven includes working with management and board of directors to develop cybersecurity strategy, improving the company’s resistance to potential risk bothfrom internal and external attacks, keeping a current understanding of potentialcyber risk and make sure everyone is highly engaged due to the everchangingnature of cyber risk, make sure the number of personnel working oncybersecurity is sufficient and evaluate the cyber security program with theNIST Cybersecurity framework, ISO 27001 and 27002 and disclosing event of cuberincidents at a timely manner. However, due to the aforementionedeverchanging nature of technology and cyber risk, it is hard to stay in thearms race. In June of 2017, a global ransomware attack happened and due tobeing a new type of malware, it remain undetected when the malware enters thesystem. So I think using AI through the process of machine learning, it canhelp identify the security risk.
As Simon Crosby from Bromium said, the AI isnot going to be perfect, but it can help to reduce the burden placed on internalauditors on cybersecurity, since they learn from previous attacks and identifythe holes in the cybersecurity.