“If our data is going to be attacked—by robots, by botnets from people who are marshaling lots of computers to attack our applications on the cloud—it’s got to be our robots vs. their robots. That's what we are doing: using our own bots to detect these threats and remediate these threats automatically, without human intervention.” — Larry Ellison, Chairman and Chief Technology Officer, Oracle
Ellison made this comment during the announcement of Oracle Autonomous Database Cloud, but the words apply equally to finance (and other lines of business) as they do to IT security. Cyber thieves use computers and applications to attack other computers and applications. The FBI says that ransomware—where thieves lock up systems and demand a ransom to unlock them—is the fastest-growing malware threat. Malware developers are churning out sophisticated applications and then advertising on the “dark web” for hired guns to distribute them. The developers take a cut of the ransom for every attack.
Clearly, those using technology for good need to up their security game. Human intelligence alone can’t win the war on cyber security.
Right now, most organizations respond reactively once an accidental exposure or data theft has happened. They devise and apply software patches or create additional workarounds after the damaging event. This strategy is failing to stop breaches that are hurting businesses and causing them to lose money, productivity, and trust.
Anomaly detection, driven by machine learning, is a more effective strategy because it is proactive and sheds light on unusual activity that could be a threat before it becomes a crime. It’s also been bolstered by advances in autonomous machine learning in both hardware and software. Servers and applications can now “learn” new anomalies and add that knowledge as ongoing detection work happens autonomously. Humans don’t need to intervene in the process, so they can devote more time to understanding and responding to high-priority alerts of unusual activity.
Oracle has broken new ground in cloud security with the Autonomous Database Cloud. It’s a database that continuously patches, tunes, backs up, and upgrades itself without manual intervention—all while systems are up and running. It’s part of the new reality of solving cyber-security challenges.
Humans are still an important part of the security equation, but automation elevates that role to be more strategic and proactive rather than rote and reactive. In fact, human intelligence amplifies machine intelligence because people continually learn what threatening behavior looks like and so can better judge how to respond.
The same autonomous and intelligent capabilities can be embedded into cloud applications. This, too, is where human intelligence amplifies machine intelligence.
Finance is a good example. Applications like Oracle Risk Management Cloud make cloud ERP implementations more secure by monitoring and preventing suspicious access. Risk Management Cloud also provides valuable contextual knowledge about risk that helps streamline and fortify decision-making about certification and compliance. This intelligent assistance can be particularly valuable for decentralized companies that have operations in multiple markets, and thus highly variable compliance requirements.
For example, the European Union’s new General Data Protection Regulation (GDPR) applies to any business that directs services to the European Union or handles the personal data of individuals located in the European Union. The world’s largest 500 companies are tracking to spend $7.8 billion on GDPR compliance. Having context about when GDPR is applicable and when it is not could help those companies adopt more targeted protocols so they don’t overspend to achieve compliance.
European telecommunications customer Orange was able to significantly increase automation and is working on reducing the number of employees that need access to the ERP system through process streamlining and professionalization of requester teams. Didier Chabrerie, CCO, says, “It’s a very exciting time, a few years ago there was nothing on the market. Everyone was saying data, data, data but there was no way to leverage it. Now, with ML, we have tools in finance to make us more efficient and improve our reporting process.”
At the same time, automation itself can help protect data at the application level simply by reducing or eliminating a human touch point. When processing is always standardized and running in the background through automation, there is simply less opportunity for purposeful or accidental sharing or exposure of data.
Research by McKinsey & Company Global Institute concluded that the following finance functions are strong candidates to be fully or highly automated: general accounting operations, cash disbursement, revenue management, financial controls and external reporting.
Finance as a line of business can be integral in helping organizations get ahead of the next security threat. Not only is finance the steward of highly valuable planning and performance data, but finance professionals handle many activities that are attractive to criminals who want to take advantage.
The best thing technology and finance leaders can do is to leverage the power of humans and machines—making their data and systems more secure by adding intelligent assistance and automation to their cloud databases and applications. Thieves are using the most sophisticated technology they can get their hands on to attack servers and applications, so businesses and organizations need to do the same.
When it comes to winning the ongoing battle for cyber security, getting ahead of threats is the key to prevention, and autonomous machine learning makes that possible.