Security

How Mature Security Analytics Can Be a Weapon Against Cyberthreats

Applying artificial intelligence and automation to security analytics not only makes threat management more efficient but also supports cloud migration and zero-trust implementation.

Brian Eastwood

Twitter

Brian Eastwood is a freelance writer with more than 15 years of experience covering healthcare IT, healthcare delivery, enterprise IT, consumer technology, IT leadership and higher education.

The risk cyberthreats pose to healthcare organizations has never been greater. In 2021, the industry saw an all-time high in the number of data breaches reported (679) and the number of individuals affected (45 million), according to an analysis of U.S. Department of Health and Human Services data.

IBM’s “Cost of a Data Breach Report 2021” indicated that the average breach costs a healthcare organization $9.2 million, more than double the average for other industries. This cost includes detecting the breach, mitigating it and notifying all individuals impacted. The figure also accounts for revenue lost when care cannot be delivered, which is increasingly the case when organizations are hit with ransomware attacks.

The industry’s main challenge in the face of growing cyberthreats is acquiring enough people, skills and technology to address cybersecurity needs. In a competitive job market and with margins tightening, the most effective approach for organizations is to integrate and automate their cybertechnology stack toward what is commonly termed extended detection and response, or XDR, says Bob Kalka, vice president of worldwide security technical sales for IBM.

DISCOVER: How IBM delivers analytics and real-time defenses to protect patient data.

Proper Management of Security Analytics Tools Is Vital for Healthcare

Security analytics is a prime example. Healthcare organizations have a multitude of tools in place to collect, aggregate and analyze data, monitor security across the enterprise and detect threats. But few of these tools have been optimized to meet healthcare’s unique needs, which include links to a vast ecosystem of vendors and partners, medical devices that monitor patient activity 24/7, and an expanding secure access service edge to support remote care.

“Organizations need to spend the time to tune their security analytics tools correctly. Otherwise, they’ll get a lot of false positives,” Kalka says. The effect is similar to the alert fatigue felt by users of electronic health record systems. “After a while, you stop paying attention — and that’s when a breach is likely to occur.”

Kalka describes the process of tuning security analytics as adding a combination of wisdom and horsepower. Wisdom comes from working with industry partners and technology solutions that have the experience and expertise to meet healthcare’s needs.

Horsepower, on the other hand, is making the most of the tools that are already in place. “The answer isn’t to buy another engine, but to get more from the engine you have,” Kalka says. “You can accomplish that with technology accelerators such as automation and artificial intelligence.”

Manage Threats and Modernize Infrastructure with Security Analytics

A mature approach to security analytics — one that’s tuned to the needs of healthcare and designed to reduce the tedious manual labor of threat detection and response — can support healthcare’s overall cybersecurity efforts in two important areas: threat management and infrastructure modernization.

Threat management has three components: Organizations need to find threats, confirm that they pose enough of a risk to warrant remediation, and fix the problem that allowed the threat to surface.

Most organizations take a reactive approach, primarily by logging suspicious activity; for example, a contractor downloading thousands of files, or a specific IP address getting hit with a surge in traffic.

Logs are important, Kalka says, but they are a record of something that has already happened. Organizations are far better served by more proactive threat management. One approach is automated threat monitoring; IBM Watson, for example, ingests security threat monitoring data from more than 1 million sources per day. Another approach is attack surface management, which continuously monitors IT infrastructure for potential cybersecurity risks. A third is automated incident response, which in essence gives organizations a playbook for addressing threats and fixing problems without the need for human intervention.

Click the banner below for more HealthTech content on security and zero trust.

“Automation and AI can do things that not even rooms full of humans can do,” Kalka says. “You go from hours, days or weeks before you know that something has been compromised to minutes or even seconds. That’s better for your security personnel.”

Security analytics also supports infrastructure modernization efforts, such as the transition to a hybrid cloud model. Here, organizations need to be careful that their cybersecurity strategies modernize along with their infrastructure.

Kalka offers two examples. One is the practice of pulling data back on-premises for the purpose of security analysis. Most cloud service providers charge an egress fee for moving data, which can add up quickly. But data federation — investigating data on the cloud where it resides — enables security analytics to occur without moving data and incurring a fee.

The other example is support for the zero-trust approach to security. As organizations migrate workloads to the cloud, sensitive data is no longer able to “hide” on-premises, Kalka says: “It exposes every cyber elephant they’ve been able to contain.” (A recent report from Osterman Research found that fewer than half of organizations are able to find sensitive data in cloud-based applications and file sharing services.)

Zero trust requires identity verification from any person, device or entity trying to access an organization’s resources. Automation can be applied to many elements of the zero-trust framework, including (but not limited to) identity governance, access management, authentication, data encryption, fraud detection and configuration.

“This ensures that the right user has the right access to the right data for the right reason,” Kalka says.

Brought to you by: