Andy O. Heikkila


Zero Trust, Machine Learning, and a World in Cyber-Peril

Anybody who’s been following tech for the last few years knows that there’s no escaping the topic of cybersecurity anymore. Whenever we talk about radical technological advancements and the ways that they can better our society, we also have to think about the ways that malicious actors could turn those advancements against society.

Let’s use the field of medicine as an example. Telemedicine, the internet of things for healthcare, and even driverless cars with biometric sensors are some of the foremost emerging medical technologies with public benefit; video conferencing appointments in lieu of traditional physical checkups save time and money, while mobile implants could alert, say, a driverless ambulance the minute that the patient is in peril. Unfortunately, without proper cybersecurity measures, these same innovations could be used to steal patient data, including personal and financial information, disrupt regular healthcare operations, and ultimately put innocent lives on the line.

From Healthcare to Every Other Field

Healthcare is an apt example because the field has already seen significant problems as a result of cybercriminals and their nefarious efforts. Bradley University’s online resources mention that phishing and ransomware attacks have been particularly effective against hospitals as “cybersecurity concerns are often overlooked by health care providers … [and] the impacts of an attack can be devastating on a practice’s operation, comparable if not worse in scope than problems associated with a disaster such as a fire.”

Indeed, the experts at Duquesne have stated that “Ransomware is potentially the worst possible hacking assault a healthcare organization can face,” especially if files and systems haven’t been backed up. Short of paying the ransom (or a deus ex machina “killswitch” found by accident, as was the case with the WannaCry ransomware strain), hospitals have no recourse against these particularly potent bits of code beyond saying goodbye to all the files and data they ever had — which simply isn’t an option.

As a result of such a tumultuous digital climate, healthcare administrators must now be equipped to fight cybercrime specifically, including recognition of potential threat types, cyber-risk management, personnel management, and crisis management, according to Marylhurst University. These skills aren’t specific to healthcare administration; they apply to administrators, managers, and leaders in organizations the world over, regardless of the field. The problem is that cybercriminals and malicious actors always seem to be one step ahead and prey on even the slightest mistakes made by organizations big and small.

The important takeaway here is that those mistakes are common and contribute to undermining data security. In fact, the infamous 2017 Equifax breach was blamed on an employee’s lone error. While plausible, this doesn’t indemnify the leaders of companies hit by cyberattacks, as it is their responsibility to make sure that their organizations are ready to take the full brunt of these attacks. According to the most recent reports, they’re failing miserably.

Cybersecurity Shortcomings and the Zero Trust Model

The latest Hiscox Cyber Readiness Report 2018 surveyed over 1,000 department managers, IT specialists, and other key professionals from US companies of varying size. The results reveal that a dire 73 percent of firms surveyed face major shortcomings in cybersecurity readiness, as well as other key findings:

  • The average cost of cybercrime to organizations with more than 1,000 employees was $1.05 million, with the highest costs topping $25 million.
  • The average IT budget of respondents was $11.65 million. 60 percent of respondents believe this spending will increase by 5 percent or more.
  • Out of the companies making investments in further cybersecurity efforts, 54 percent indicated that employee training helped reduce breaches and incidents. Furthermore, 43 percent of US companies reported that conducting cybersecurity exercises, such as phishing experiments, contributed to understanding and improving employee behavior and readiness.

Unfortunately, no technological quick fix currently exists that could patch all of these shortcomings. What we can do, however, is change our attitudes. In an interview with TechRepublic’s Dan Patterson, Centrify chief product officer Bill Mann explains that a new approach in the way we trust things could fundamentally change the cybersecurity landscape. He explains:

We inherently trust too much in our environment and our inclination to trust too many things has really led to us relying upon forms of security which are really not helping us in the new world order … We used to trust that the firewall was going to keep the bad guys out, but the reality is that the bad guys are already in our environment. Also, the reality is that we’ve got a lot of mobile workers and outsourced IT, and we’re using stats and infrastructure as a service … [and these dangers are] not residing within the walls that the firewalls were previously protecting. So that model has got to change … we’ve got to go to a model where we explicitly trust things. So instead of “implicitly trusting”, we’ve got to go to “explicitly trusting.”

Mann explains further that the elements of explicit trust come down to always knowing the devices on your network, always knowing which users are on those devices, and consistently adapting your policies so that users only have access to what they need, or have the “least privileges necessary” to do their jobs. If 80 percent of breaches are truly due to compromised credentials, as Mann states, the Zero Trust model could go an extremely long way in securing our organizations and the data they hold.
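
To make the contrast concrete, here is an added example (not from the interview or from any vendor's product) that puts a perimeter-style "inside the firewall" check next to an explicit-trust decision built from the three elements above: known device, known user on that device, and least privilege. All device names, users, roles and grants are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory and grants (hypothetical names).
KNOWN_DEVICES = {"laptop-0142": "alice", "tablet-0007": "bob"}  # device -> enrolled user
USER_ROLES = {"alice": "billing-clerk", "bob": "nurse"}
ROLE_GRANTS = {  # least privilege: only what each role needs
    "billing-clerk": {("invoices", "read"), ("invoices", "write")},
    "nurse": {("patient-records", "read")},
}

@dataclass(frozen=True)
class Request:
    user: str
    device: str
    authenticated: bool
    resource: str
    action: str
    on_internal_network: bool

def perimeter_decide(req):
    """Implicit trust: anything behind the firewall is allowed."""
    return req.on_internal_network

def explicit_decide(req):
    """Explicit trust: deny by default; network location grants nothing."""
    if req.device not in KNOWN_DEVICES:
        return False, "unknown device"
    if not req.authenticated or KNOWN_DEVICES[req.device] != req.user:
        return False, "user not verified on this device"
    role = USER_ROLES.get(req.user)
    if (req.resource, req.action) not in ROLE_GRANTS.get(role, set()):
        return False, "outside least-privilege grant"
    return True, "explicitly trusted"

if __name__ == "__main__":
    samples = [
        # Remote worker on an enrolled device, doing her own job.
        Request("alice", "laptop-0142", True, "invoices", "write", False),
        # Valid credentials used from an unenrolled device inside the network.
        Request("alice", "byod-9999", True, "invoices", "read", True),
        # Enrolled user and device, but the action exceeds the role.
        Request("bob", "tablet-0007", True, "patient-records", "write", True),
    ]
    for r in samples:
        print(r.user, r.device, "perimeter:", perimeter_decide(r),
              "explicit:", explicit_decide(r))
```

The second sample is the compromised-credentials case Mann describes: the perimeter check allows it because the request comes from inside, while the explicit check refuses it because the device is not one the organization knows.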

Machine Learning: The Magic Bullet?

While no cure-all currently exists for the world’s cybersecurity woes, AI and machine learning technology have shown promise and potential as breach protection solutions. Multiple vendors have responded to the call in this regard, producing software that monitors entire networks in real time, calls attention to anomalies as they present themselves, and shuts down threats before a security breach ever occurs.

I covered one such company, Darktrace, in my previous post, “Cyber Security Trends and Threats to Watch for in 2018”. The company employs what they call an “enterprise immune system”, the terminology owing to their shift away from the old “fortress mentality” that we can no longer trust.

“The big challenge that the whole security industry and the chief security officers have right now is that they’re always chasing yesterday’s attack,” says Darktrace CEO, Nicole Eagan, in an interview with Wired. “That is kind of the mindset the whole industry has — that if you analyze yesterday’s attack on someone else, you can help predict and prevent tomorrow’s attack on you.”

Brian Beyer, CEO of Red Canary, a company that provides a similar machine learning-based cybersecurity solution, concurs that this approach is flawed. In an interview with Julian Mitchell, published via Forbes, Beyer adds his two cents:

“To use the physical analogy, most businesses spend their time adding padlocks and door alarms to protect their sensitive data,” he says. “They earnestly hope that adding more tools and systems will make them better, but often times it just results in more false alarms going off. Industry stats show that only 5% of those alarms actually get investigated. We believe that cyber security needs to evolve: organizations need to be able to continuously surveil and hunt for threats and stop them quickly.”

It’s only a matter of time before machine learning and automation make up for human inefficiencies in every industry — but cybersecurity may be the field that needs this innovation the most. Until these solutions are adopted and proven effective, leaders and their organizations need to change their approach to cybersecurity, trying out Zero Trust and any other promising, legitimate, and applicable model they come across. Until then, we’ll remain at the mercy of the hackers and criminals that have plunged our world into cyber-peril.
