Aravind Varadhrajan, Sr Vice President and Managing Director, Metricstream India and APAC

Aravind’s passion for inspiring others and leadership style have been at the forefront of his professional success. In addition to empowering his team, Aravind is a champion of diversity and inclusivity. In founding the APAC region at MetricStream, he has demonstrated a willingness to think outside the box solving customers’ most difficult challenges and delivering long-term value.  His focus on high-performing teams is evidenced by his years of experience across a range of roles including pitching elaborate sales and marketing concepts, leading product development, and developing new markets.

 

The pace of digital transformation in India has accelerated rapidly since the COVID-19 pandemic. Our dependency on technology has gone up with more businesses now taking a digital-first approach. While this may bode well for India’s digital transformation mission, on the flip side, it has opened doors to new risks that can have damaging consequences on business continuity. 

Given this situation, business leaders need to have a clear understanding of the exposure, vulnerabilities, and potential losses on emerging cyber threats to their companies. In fact, the need to implement a concrete risk-based approach to cybersecurity is more now than ever before. And here’s why businesses should consider automated IT-based governance, risk, compliance (GRC) approach to effectively counter cyber threats. 

An increasing digital footprint has made businesses more vulnerable to cybersecurity risks

As companies expand their digital footprint, they become more prone to cyber-attacks. The increasing amount of data from IT security monitoring and performance tools makes them more vulnerable to potential cyber threats. A recent survey by a prominent firm showed that Indian companies experienced a 25% jump in cyber threats during the pandemic. It brought to light the cybersecurity challenges companies had to deal with as people started working remotely. Another study showed that the most common cybersecurity issues that Indian companies encountered were related to insider threats and data breaches. 

Leveraging AI to thwart cybersecurity incidents

Business leaders, therefore, need faster and better risk visibility to make quick decisions. This can be achieved by adopting an advanced integrated, and automated IT-based GRC approach to business. 

Businesses have started augmenting threat-monitoring tools with Artificial Intelligence (AI). The potential for finding patterns of security vulnerabilities and IT asset performance can be significantly enhanced by the incorporation of this technology. However, AI still requires human analysis of the reports from those assets. Applying machine learning, GRC solutions can learn from human analysis and then continuously monitor for the emergence of high-risk vulnerabilities, thus catching them and, through cognitive computing, orchestrate corrective action that can prevent a major incident or failure.

How it works

Globally, AI is already improving the discovery of data relationships in governance, risk, and compliance (GRC). So now, if a risk assessor creates a link of a risk to a business objective, an auditor identifies a relation of a risk to control, and an IT security manager identifies a link between a control and an IT asset, an analyst now can evaluate the relationships between IT assets, risks and controls, and business objectives.  

Given enough time, through machine learning, a GRC system leveraging AI could begin to distinguish these relationships on its own. The system can then augment the discovery of linkages between data objects and make suggestions to human end users of the system. Additionally, rather than waiting for a human analyst to evaluate the relationships and trends, AI-backed GRC solutions could utilize cognitive computing to continuously analyze the data objects for any changes that could lead to greater risks or control failures. Any detected threats to the ability to achieve business objectives would automatically alert human analysts for investigation.

Ultimately, AI allows for saved time and a much more efficient process. When issues are identified earlier, it scraps the need for the manual sorting of excess amounts of data. In turn, the accuracy that AI provides in weaving through the complexities of cybersecurity issues is more than any trained professional could provide. 

Enhancing risk management through AI-powered recommendation engines

An AI-powered observation recommendation engine uses historical data available in the system to intelligently identify and classify the observations into areas such as cases, incidents, issues, and loss events. The use of artificial intelligence helps risk managers to improve the speed and accuracy of triaging these observations. The ability of artificial intelligence and machine learning models to analyze large amounts of observations improves analytical capabilities in risk management and compliance, allowing risk managers to identify risks in an effective and timely manner, make more informed decisions, and make operations less risky.

AI is a game-changer for managing cyber risk 

One of the biggest concerns for organizations is that they might not even be aware of the breach in progress. Cybercriminals target the weakest link which can’t be patched – people – who are working remotely, and this makes it even more challenging for organizations to manage their cybersecurity. As complex cyber-attacks are performed in stages over a period, organizations can perhaps reduce the damage caused by the attack if they were somehow better informed about the attack in its initial stage. 

AI can help organizations to keep sight of their cyber-attack risks by evaluating the risks associated with their people (employees, partners, vendors, stakeholders, etc.), processes, and technologies. Artificial Intelligence, therefore, is a game-changer for risk management and is one of the key drivers for transforming any industry. It saves time, boosts revenue, identifies risks and fraud, and adds value to the organization while ensuring business continuity.

As it turns out, the pandemic has triggered a surge in IT and cyber risk investments where key focus areas include IT security solutions and regulatory compliance. Overall, one can hope that the more organizations prioritize and invest in IT and cyber risk management systems like AI, the better prepared they will be to deal with both the opportunities and threats of operating in an increasingly digital world.

Related Articles