OpinionBeyond Productivity: AI mandates rigorous access management and sensitive data classification
Opinion
Beyond Productivity: AI mandates rigorous access management and sensitive data classification
"The greatest challenge for organizations in the AI era is balancing the benefits of technological advancement with the need for high levels of security," writes Shiran Bareli, Head of Research at Cyera.
Artificial Intelligence is rapidly reshaping the business world. Gartner predicts that by 2025, 75% of organizations worldwide will have integrated at least one AI tool into their operations. These tools bring significant advantages—enhancing organizational efficiency, enabling large-scale data analysis, improving decision-making, and boosting overall productivity. However, alongside these benefits, AI introduces complex cybersecurity challenges that necessitate advanced solutions.
One significant challenge AI presents is managing employee access to sensitive information. As AI tools automate more processes, they create substantial obstacles in data management, requiring precise access control. The broad access these tools provide can inadvertently expose sensitive information—like personal employee data, financial records, or strategic plans—to unauthorized personnel.
These advanced AI systems, designed to streamline information retrieval, inadvertently exacerbate the potential for unauthorized data exposure. For instance, if an employee is mistakenly granted access to sensitive information, such as a document containing confidential personal details, the presence of AI-powered tools makes it alarmingly easy to locate and retrieve this data. Unlike the laborious task of manually searching through vast repositories, AI tools enable quick and precise queries, effectively turning what was once a needle-in-a-haystack challenge into an immediate risk.
Recent years have seen a dramatic increase in data breaches due to inadequate oversight of employee access to data. A Varonis report found that in 2022 alone, there were over 1,800 documented data breaches in the U.S., compromising the information of more than 422 million individuals. The primary cause is employees having access to folders containing sensitive information. The report revealed that 51% of companies allowed access to over 100,000 folders to all employees, making critical information accessible to unauthorized personnel.
The consequences of such data breaches are particularly severe when they involve sensitive personal or strategic business information. In a major breach in 2022, for instance, the data of 69 million Neopets customers was leaked after hackers infiltrated the company’s systems for over a year before the breach was discovered. In other cases, junior employees accidentally accessed information like salary data or company strategies, leading to significant financial and reputational damage.
It’s important to note that data breaches don’t just directly harm the organization—they also have broader implications for the entire market. An IBM report highlights that the average cost of a data breach is approximately $3.9 million, with business loss constituting a significant portion of the total cost.
The first and most crucial solution for addressing these security challenges is strict management of data access and classification of critical organizational information. Organizations must ensure that every employee has access only to information relevant to their role. Advanced Identity and Access Management (IAM) technologies allow organizations to create complex access controls based on roles and permissions, thus reducing the risk of unauthorized access to classified information.
Additionally, investing in anomaly detection systems is essential. These systems can flag unusual access attempts to sensitive information and monitor activities within the organization’s systems, allowing for a rapid and effective response when irregular access is detected.
Beyond technological tools, organizations must invest in ongoing employee training on information security and privacy protection. These training sessions should ensure that all employees understand the risks associated with AI and the importance of adhering to data access policies. Moreover, organizational leadership must play a key role in establishing clear policies and consistently enforcing information security protocols.
The greatest challenge for organizations in the AI era is balancing the benefits of technological advancement with the need for high levels of security. As more organizations adopt AI solutions, the demand for advanced information management and security solutions will grow. Organizations that act responsibly, integrating new technologies with strict security practices, will be best positioned to leverage AI’s benefits while minimizing associated risks.
Shiran Bareli is the Head of Research at Cyera, a Data Security Platform
