Artificial Intelligence (AI) continues to have broad impacts on industries. While most of what is featured in the news focuses on the ability of AI to create written works, art, or fabricated images, there are some positive uses for the technology. Medical science has benefitted through faster analysis and diagnoses, and meteorology has also seen improvements in storm prognostication. Cybersecurity is also experiencing some of the benefits of AI.
We spoke with three experts to learn more about how business continuity and disaster recovery can be improved with the use of AI.
More Than a Writing Coach
While many people treat AI as a specialized writing tool, our respondents see AI capabilities beyond the realm of mere document creation. Ross Moore offers insight into the predictive capabilities of AI in a cybersecurity setting, stating, “In the physical systems arena, Machine Learning (ML) algorithms detect anomalies (pattern recognition) in metrics like temperature, vibration, or error logs that precede failures. For example, AI can flag a specific sequence of server errors that have historically led to crashes.”
“Models trained on failure histories and sensor data calculate the probability of component breakdowns, enabling preemptive repairs.”
Ross Moore
Chloé Messdaghi echoes this sentiment, adding that “Integrating AI into disaster recovery plans offers clear advantages, especially in improving response times and resource allocation. Predictive analytics, powered by AI, can help organizations anticipate problems and take corrective action before incidents escalate.”
Of course, the predictive capabilities are not limited to only the way that machines function. Annick O’Brien expands the power of AI to include imposter prediction. “AI is excellent at analyzing huge amounts of data. It can spot patterns that might indicate a system failure or a cyberattack. Think of it like this: AI uses machine learning to notice when things aren’t quite right in our network traffic, server performance, or even how users are behaving. By detecting these anomalies, AI can help us predict and prevent problems.”
It’s Not Only About the Machines
The main distinction to make about the difference between disaster recovery and business continuity is that disaster recovery is focused on restoring the machinery to a working condition, while business continuity focuses on the wider aspects of the business. O’Brien explains, “Business continuity is less about physical security and more about data integrity. The key objectives being recovery point and recovery time. However, what if we had a way to see potential problems before they happen? That’s where Artificial Intelligence comes in, acting like a digital crystal ball for disaster recovery.”
With that in mind, Moore emphasizes: “It’s all about the quality.The list of areas positively impacted by AI goes on – threat intelligence analysis, automated response, threat modeling, risk scoring, and threat hunting, and early warning are benefits of the increased performance of AI and ML.
Moore continues, pointing out that “the effectiveness of AI depends on data quality and system design. Improved technology often only speeds up current processes; it’s up to people to make good processes. If the process is bad, then it’s just a super-fast bad process. When it comes to data, the principle of GIGO (Garbage In, Garbage Out) must be strictly observed. Incomplete historical data, data from the incorrect logs, or data that has nothing to do with the true goal can lead to false positives in failure prediction, as well as incorrect calculations, and inaccurate attribution.”
Keeping an Eye on Those Affected
A business disruption is more than just a challenge for the operational aspects of the organization. There is a human element at work as well. Messdaghi presents a view from this perspective: “AI cannot simply be a tool to restore systems as quickly as possible; it should be integrated in a way that takes into account the human and ethical dimensions of disaster recovery. Recovery efforts should not only focus on restoring business operations but also on protecting and supporting the individuals affected by the disruption. The use of AI in recovery plans should be aligned with values of fairness, transparency, and respect for those impacted by the event.”
Speaking of Ethics
AI is rarely mentioned without the importance of its connection to ethics. Arguably, this is because of the publicized unethical uses of it. However, in cybersecurity the rules that govern all data handling are no different just because an AI tool is used. While our panelists all share the same sentiment about the ethical use of AI in disaster recovery and business continuity, their views introduce individual nuance, signaling just how sensitive the topic is.
O’Brien explains that “we need to be very careful about data privacy, making sure that data is anonymized and handled securely. There’s also the issue of algorithmic bias, where AI might make unfair decisions about resource allocation. Again, this is where human oversight and company codes of ethics come in.
Messdaghi explains it this way: “Ethical guidelines must also govern the decision-making process of AI systems during disaster recovery. For instance, how decisions regarding resource allocation and prioritization are made must be clear and just. AI should not perpetuate biases or take actions that disadvantage certain groups of people. Therefore, establishing safeguards to ensure the fair and responsible use of AI in these contexts is vital.”
In Moore’s view, the ethical concerns, especially within cybersecurity frameworks tell a cautionary tale. “The integration of AI into disaster recovery frameworks raises significant ethical concerns, particularly around data privacy and decision-making. There’s a high level of mistrust surrounding what AI is doing when it requires substantial amounts of sensitive data – including personal, financial, or health information – to make accurate predictions. This can lead to potential privacy violations if the data is mishandled or stored longer than necessary.
“The use of AI in disaster recovery inevitably raises important ethical concerns, particularly in terms of data privacy and decision-making. Ensuring that data is handled with transparency and accountability is essential to avoid breaches of privacy and maintain trust.”
Chloé Messdaghi
Supercharging Disaster Recovery
Each of our experts agreed that AI has more positive than negative implications for business continuity and disaster recovery. As Messdaghi describes it, “Integrating AI into disaster recovery plans offers clear advantages, especially in improving response times and resource allocation. Predictive analytics, powered by AI, can help organizations anticipate problems and take corrective action before incidents escalate.”
“AI can make disaster recovery much more efficient. By integrating AI into our recovery plans, we can automate risk assessments, prioritize what needs to be fixed first, and even run simulations of disaster scenarios to test our plans. This means we’re better prepared and can recover faster when something goes wrong.”
Annick O’Brien
Moore expresses a similar view: “AI-powered assets may help with resource allocation during a disaster. Those tools can recommend the optimal distribution of backup servers, cloud capacity, and personnel during crises.”
When asked how organizations could address these and other concerns around the use of AI, Moore provided some advice, as well as a checklist to help organizations answer the question:
“An Artificial Intelligence Management System (AIMS) is good to have in place. Whether informal (active but not documented), formal (documented), or attested (ISO 42001), AI in DR should operate within one’s own AI governance.”
- Data Privacy Measures:
- Use data anonymization and encryption to protect sensitive information.
- Establish clear data governance policies that align with privacy laws.
- Fair and Transparent AI:
- Audit AI models for fairness, and ensure decisions are explainable.
- Engage diverse stakeholders during AI model development and deployment.
- Accountability Frameworks:
- Define roles and responsibilities for AI decision-making within the organization.
- Maintain human oversight in critical decision-making processes.
- Informed Consent:
- Clearly communicate data use policies and allow opt-out options when feasible.
- Appropriate Resource Allocation:
- Regularly review AI outcomes to ensure proper distribution of recovery efforts.
- Strong Security:
- Implement strong cybersecurity measures to protect AI systems and data.
- Regularly assess and update AI models to prevent exploitation.
- Ethical AI Practices:
- Adopt industry standards and ethical guidelines for responsible AI use.
- Include ethics reviews as part of disaster recovery and business continuity planning.
Moore concludes, “for all of these, the primary concern is to keep the final decision-making with people, and not AI. Some aspects of AI are still only in the dream phase, and some available components are too pricey for many organizations. An important process is for the business to determine what’s appropriate.”
AI is in its infancy, yet it is already showing great promise in multiple industries. In cybersecurity specifically, AI holds transformative power, not only to combat, predict system failures, and combat threats, but to also help cybersecurity professionals to respond faster.
For more expert insights on a myriad of cybersecurity topics, see our other posts here.
Bob Covello is a technology veteran with a passion for security topics. He is also a volunteer for various organizations focused on helping others both within and beyond the cybersecurity community.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.