AI is not just a buzzword. Machine learning technology, commonly used in security and event logging, can also be used to execute cyberattacks in the enterprise, generating insights relevant to a targeted end user. This capability leaves plenty of room for exploitation, for example, highly customized spear phishing attacks are made possible by the automation technology.
To defend against these evolving threats, security professionals need to be proactive about investing in cybersecurity and AI.
In this video filmed at the 2019 MIT Sloan CIO Symposium, Kush Saxena, chief technology officer at Mastercard, explains how the company's cybersecurity ideology applies to both the consumer chain and internal employees, as well as AI's role in implementation.
Saxena, a speaker and panelist at the conference, explains how security events are scored and false positives identified. He also describes how complementing cybersecurity with AI can help companies combat sophisticated attacks.
Additional reporting by Kassidy Kelley.
Editor's note: The following transcript has been lightly edited for clarity and brevity.
How has AI affected your practice on cybersecurity?
Kush Saxena: I think the way you approach cybersecurity and AI has got to be two-fold. On one side, you've got to decide that cybersecurity and privacy matters. That's a strategic decision. It's an expression of strategic intent by the company. We've been really progressive on that. We were among the first ones to declare both privacy by design and cybersecurity by design. So the question becomes: Is AI the right technology to help you sort of execute against that intent? Like I said, we are big believers in a safe ecosystem.
Our value chain includes bank and merchants and consumers and several industrial players in between. Every single one of those has got to be secure. We use AI extensively to make that entire value chain safe. Everything we see, 100% of our transactions are scored. We focus on and obsess about the quality of the scoring -- our false positive rates and all of the above. Yes, we've had deep intent on making not just ourselves secure, but the entire ecosystem we operate in secure. We've used AI a lot to make that happen.
Does your ideology on cybersecurity and AI apply to both the consumer chain and internal employees?
Saxena: Privacy is an individual value proposition. In my mind you don't distinguish between customers, consumers and employees. We treat privacy for employees the way we treat privacy for consumers the way we treat privacy for customers. With laws like GDPR, I think frameworks for that have been expressed and have been developed. I think those become great tools for companies to apply those en masse without differentiating between customers, consumers and employees. So, absolutely for us, it's both of those. It's all of those populations and we don't differentiate in how we treat them.