How big data can predict, detect and respond to cyber threats
From Anthem’s cyberattack that exposed the information of nearly 80 million people in 2015 to the WannaCry ransomware attack that affected the National Health Service in the UK, cyberattacks show no sign of slowing down.
Many healthcare organizations still rely on a patchwork of legacy systems that do not adequately manage and protect against increasingly complex cyberattacks. When combined with traditional information security practices, lack of modern response plans and insufficient resources in dedicated cyber security teams, healthcare organizations are left particularly vulnerable to attacks.
The changing healthcare landscape (industry consolidation and network centralization) adds scaling challenges associated with increasing volumes of patient data and places additional pressure on hospital IT systems.
It is clear that enterprises can no longer put their trust wholly in their traditional real-time perimeter defenses (such as firewalls) to protect them from attacks. Advanced modern threats, such as the attacks on Anthem, Premera Blue Cross and Banner Health, are designed to bypass those products. The increase in bring your own device (BYOD) programs, the expansion of the Internet of Things (IoT) in organizations and the significant growth in medical devices has only amplified the problem by increasing the attack surface to defend.
With the increasing prevalence and sophistication of cyber threats targeting healthcare organizations, payers and providers alike need to invest additional resources to protect their organizations. To combat these challenges, big data analytics technologies can be leveraged to better predict, detect and respond to malicious activity. Here’s how.
Predict and prevent
Traditional perimeter controls remain essential to a network’s security and are still highly capable of protecting against conventional cyberattacks. These types of defenses traditionally operate on a set of rules or filters that function in a binary way—data is flagged as either trusted or untrusted. As long as a threat does not trigger a pre-defined filter, it goes undetected. To predict and prevent advanced modern threats, there needs to be an additional security layer that has the ability to view threats in a non-binary way, which is where big data comes in.
Big data solutions (such as IBM’s Security QRadar, LogRhythm, RSA NetWitness, HPE ArcSight or Splunk) differ from traditional technologies in their ability to collect, store and analyze vast amounts of data—both structured and unstructured—in real or near-real time.
These characteristics are the key differentiator between big data analytics cyber defenses and traditional security protections: the ability to identify and correlate subtle anomalies within context. Thanks to its ability to scale, big data solutions can draw parallels under contextual insights across an entire enterprise over time. For instance, the technology has the ability to link an unusual access time on a mobile device to irregular activity around a sensitive data area occurring days apart as part of a potential breach.
Hence, with big data analytics, an organization has an increased ability to perform complex analyses, identify patterns and build predictive models to prevent breaches. Through modeling, an organization can recognize historical patterns of cyber threats and use the intelligence to calibrate to normal activity patterns and predict when something goes awry.
Additional uses of big data analytics to prevent cyberattacks include assessing network vulnerabilities and isolating incidents that could be related to attacks that occurred in the past based on historical data. When combined with the power of machine learning, safeguards can be built in based on predictive analysis to prevent increasingly advanced cyber threats.
Detect and respond
While prediction and prevention are vital to an organization’s security strategy, organizations cannot just invest in preventing breaches; they must be just as keen to invest in detecting and responding to these threats—and big data analytics can help.
According to recent studies, 89 percent of healthcare organizations have experienced at least one recent data breach and on average spend $2.2 million to recover. These high costs are correlated to the amount of time (approximately 99 days) it takes an organization to detect a breach after their network has been compromised. Generally, the longer a breach goes undetected, the more time an attacker has to breach other devices as well as additional layers of security to retrieve more records, thereby increasing the damage done.
Organizations that leverage big data analytics are 2.25 times more likely to detect a breach within hours or minutes, compared with organizations that do not, significantly limiting the amount of data impacted and, in turn, potentially dramatically reducing recovery costs.
When an anomaly is identified or a past breach pattern is detected, additional insights from data analytics then can mitigate and disrupt an attack. For example, these technologies can anticipate how an attack will progress and automatically cut off the perceived vulnerable devices and alert security analysts of suspicious activity, including providing actionable intelligence that allows for resolution. Ultimately, by enabling early detection and faster response times, big data analytics can reduce damage and, in turn, potentially reduce or avoid costs when a breach occurs.
For healthcare organizations to sufficiently protect themselves from today’s advancing cyber threats, big data analytics, when combined with appropriate information security practices, can be a powerful tool. However, implementing big data analytics for cyber security purposes is challenging; many healthcare organizations report that they lack the in-house expertise, appropriate technologies, and resources needed to successfully adopt these solutions.
To ensure a successful transition, healthcare leaders should partner with healthcare IT and security experts to help select the right technologies and vendors to establish a big data cyber security analytics strategy suited for their organization. Healthcare organizations that fail to do so continue to leave themselves exposed to significant risk.