Back to Basics: The Role of AI in Cybersecurity
AI Can Circumvent Cybersecurity Controls
Healthcare organizations are trying to become more adept at turning the vast amount of data that they collect, store and share into actionable insights. They’re using more meaningful analytics and turning to AI-powered solutions for clinical decision support. They’re also looking for ways to use AI to reduce the administrative burden on staff members and to streamline workflows.
All of that data is very attractive to cybercriminals, who are really going after business intelligence. So, they’re using AI to break through healthcare’s cybersecurity controls, and they’re not differentiating between small community hospital and large health systems. It’s all fair game to them.
There are several AI-related attacks that malicious actors will deploy. Commoditized AI-powered attacks rely on a kit or service: Malicious actors who don’t know much about how an algorithm works can simply buy a solution on the dark web and launch their own attacks. Some examples include data-intensive password cracking, assisted hacking and the use of deepfakes to improve social engineering attempts.
DISCOVER: Follow these best practices to improve cyber resilience in healthcare.
Some emerging AI-assisted cyberattacks include ransomware, advanced persistent threats and business email compromise. In each of these attacks, AI is being used to enhance the kits that exist on the dark web. In some ransomware cases, the use of an AI ransom negotiator could make the situation even more difficult.
AI-assisted APTs can be especially harmful because malicious actors are using AI to consistently attack the same health systems in different ways and looking for a window of opportunity to penetrate networks. These attacks can require months of close surveillance. The malware that is collecting information from a healthcare organization can remain undetected and start to exfiltrate sensitive information at a slow rate, evading security tactics.
Cyberattacks are going to become more sophisticated. C-suite personnel and other leaders will be favorite targets as malicious actors try to gain valuable information that affects multiple health systems.
AI Can Support and Strengthen Cybersecurity Defenses
A growing number of vendors are integrating AI into their cybersecurity solutions. Cisco recently unveiled HyperShield, a new security offering that uses AI. Google Cloud and Palo Alto Networks announced an expanded partnership to continue strengthening cybersecurity with AI.
So, while the use of AI by malicious actors is of serious concern, industry leaders such as Google CEO Sundar Pichai are also hopeful about the ways that AI can help organizations defend against cyberattacks.
AI solutions can help with data discovery and classification, offering visibility into where security gaps exist, justifying access privileges and creating business processes to protect data. When it comes to identity access, we must determine how and when to enforce profile policies. It’s really about understanding business value and workflow and what maintains viability. Organizations must treat cybersecurity as a business decision, not just an IT decision.
Next, AI response systems can help with infrastructure design. These are complete defense systems that can detect intrusions, since the telemetry is being read and acted upon in nearly real time. These platforms can process information intelligently within nanoseconds and can protect data as perpetrators try to gain access to the network. This robust analysis and speed to response is increasing with the help of AI in cybersecurity products.
READ MORE: AI can help healthcare organizations bolster patient data security.
Finally, AI will help with backup intelligence, or smart restoration orchestration. If a particular server or region is being attacked, that backup intelligence will be able to restore data. You may not even notice that the affected file has been removed and restored with a clean slate of data. This requires proactive monitoring. It will improve capacity planning, because now the backup system can better manage its storage consumption.
In the realm of cybersecurity strategy, the significance of the National Institute of Standards and Technology’s Cybersecurity Framework 2.0 cannot be overstated. It illuminates the network of security within an organization, transcending the confines of the security operations center.
This revised framework fosters inclusivity, bringing diverse stakeholders into the fold and dispelling any notion of security being solely the concern of any one team. It facilitates coherent communication by standardizing terminology across IT, bridging the gap between executives and frontline security personnel. Enterprisewide application of the framework can broaden the spectrum of decision-makers, instilling a sense of confidence and ownership among all involved parties.
This article is part of HealthTech’s MonITor blog series.