Can AI and ML slay the healthcare ransomware dragon?

Applied correctly, artificial intelligence and machine learning could “crush” the ransomware pandemic, especially in the health sector.


It’s common knowledge that healthcare organizations are prime – and relatively easy – targets for ransomware attacks. So it is no surprise that those attacks have become rampant in the past several years. The term “low-hanging fruit” is frequently invoked.

But according to at least one report, and some experts, it doesn’t have to be that way. ICIT – the Institute for Critical Infrastructure Technology – contends in a recent whitepaper that the power of artificial intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”

Which, on its face, might sound like a bit of an oversell, when the mantra in cybersecurity is that there is no such thing as a silver bullet.

James Scott, ICIT senior fellow and author of the report, agrees that AI/ML alone will not make any organization bulletproof. Organizations must, “effectively implement fundamental layered cybersecurity defenses and promote cyber-hygiene among personnel,” he said.

But, he said the use of AI/ML can definitely solve the low-hanging fruit problem. “They will no longer be an attractive target for unsophisticated ransomware and malware threat actors,” he said, “so adversaries will dedicate their resources to attacking easier targets – likely in other sectors – that do not have algorithmic defense solutions.”

Rob Bathurst, managing director for worldwide healthcare and life sciences at Cylance and an ICIT fellow, agrees that AI/ML is not a silver bullet. “But they are a better bullet,” he said.

He said they are a major improvement over Security Information and Event Management (SIEM) solutions that, in the words of the report, “are plagued by data overload, false positives, and false negatives.”

The AI/ML model, Bathurst said, doesn’t need specific signatures. “It’s very good at answering questions like: ‘Is this file going to potentially harm my computer if it’s allowed to execute?’ It doesn’t need one-to-one matches with signatures,” he said.

It is obvious that the healthcare sector needs better security. One of the reasons it is such a popular target is that, as the report notes, the victims are more likely to pay, since, “every second a critical system remains inaccessible risks the lives of patients and the reputation of the institution. Hospitals whose patients suffer as a result of deficiencies in their cyber-hygiene are subject to immense fines and lawsuits.”

In addition, for security solutions to be attractive to healthcare organizations, they need to be both non-intrusive and affordable.

As has been widely reported, healthcare workers are notorious for skirting security protocols because of “friction” – they slow down or inhibit the ability to respond quickly to patient needs.

And, when a hospital or clinic is on a tight budget, security is a lower investment priority than patient care.

Which, said Don Maclean, chief technologist at DLT and an ICIT fellow, is both understandable and appropriate. “If a hospital administrator has limited funds, and needs to choose a new DLP system to protect data or a new defibrillator to rescue dying patients, they’ll pick the latter every time – and they should,” he said.

Given that, what are the chances that AI/ML will become common enough in the health sector to reverse, if not “crush,” the ransomware trend?

On the “non-intrusive” front, it gets high marks. “One of the selling points of AI/ML is that it is not intrusive and works in the background,” said Mike Davis, CTO of CounterTack.

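Scott agreed. “AI and ML solutions will automate and streamline the cyber-hygiene and security solutions that regularly inhibit health sector response times,” he said.

On the cost side, however, things are murkier, in part for the obvious reason that there is no “typical” healthcare organization.

But Davis said it is not cheap and, when it comes to the bottom line, administrators might conclude that it is cheaper to pay a ransom than to pay an AI/ML vendor.

AI/ML can be three times the cost of an antivirus solution, he said, “and healthcare organizations already fight for every budget dollar they have.

“If the average cost of a ransomware attack is $300 – which was reported by the ICIT in 2016 – why would I spend tens of thousands of dollars more per year to prevent that risk? I’d need 30 or 40 successful attacks before the cost makes sense.”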

An even more significant barrier, however, is simply that nothing – not even AI/ML – is a “set it and forget it” security solution. It takes time both to configure it and maintain it.

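Experts, including advocates like Scott, agree that it is one component of a “layered” security posture.

Matt Mellen, security architect for healthcare at Palo Alto Networks, said AI and ML are “proving to be very effective at one of the hardest things to get right in security – determining what is normal versus malicious.”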

But he, like others, adds the caveat that, “no single capability, like AI or ML, is going to be able to stop all attacks. Hence, it’s important to carefully employ multiple advanced prevention capabilities.”

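Davis had the same caveat. “Using AI/ML technology raises the bar, but it doesn’t eliminate the risk. There is a lot more that companies have to do to really address the risks discussed in the report,” he said.

“Attackers can simply move to different techniques – for example, non-malware attacks that don’t use binaries, but scripts or macros – which are much harder to train/learn from an AI/ML perspective. Any preventive technology that relies on classification of good or bad is always prone to an arms race,” he said.

Reza Chapman, managing director of cybersecurity in Accenture’s health practice, said keeping AI/ML effective can require significant maintenance. “Detection thresholds need to be tuned to strike a balance between false alarm rates and missed detection rates,” he said.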

“Further, constant tuning is often necessary within the specific operation environment. Overall, this is not a reason to steer away from these technologies. Instead, consider AI and ML as complementary to the personnel in your security program.”

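Chapman said he doubts AI/ML will deter attackers from ransomware. While these technologies will certainly add a barrier, “the payoff for installing ransomware or other malicious activity is high, and attackers will likely continue to evolve,” he said. “In addition, attackers will likely employ AI and ML techniques in their own efforts.”

Perry Carpenter, chief evangelist and strategy officer at KnowBe4, agreed that, “like any technology, the devil is in the details. These systems need to be implemented, baselined, tuned and proven effective on a continuing basis.”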

And he added another caveat – that while AI/ML are promising technologies, both for detection of threats and in being “self-healing and self-protecting,” they can still be undermined by negligent humans.

While they can adapt to, “nuances of human behavior, it would be a mistake to believe that they can fully account for the unpredictability of humans,” he said.

Beyond all that, if a healthcare organization decides to implement an AI/ML solution, that takes some advance due diligence as well.

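Scott said that while there are hundreds of companies offering it, “many organizations are faux experts and snake-oil salesmen who are using AI and ML as buzzwords, and their products have no substance.

“A conservative guess is that, at present, there are fewer than a dozen actual, reputable vendors,” he said.

Davis is skeptical in another direction – he said vendors that offer AI/ML exclusively may be charging a premium for products that are not necessarily superior. “A lot of [antivirus] vendors have moved to AI/ML models, and usually at a much cheaper price than the new ‘ML/AI only’ vendors,” he said.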

So, the best advice is to ask around. “Ask for a demonstration,” Scott said. “Seek input from the product’s clients, and examine what technology the solution actually employs, how it deploys that technology, and whether it can deliver on its promised results.”

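Finally, Scott acknowledged that attackers will eventually adapt to any new defense, but he said he believes it will be 5 to 10 years before that happens. Meanwhile, “algorithmic solutions are adaptable, so they continually learn, and can be updated and improved to respond to emerging threats,” he said.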

“AI and ML will not become obsolete – they will be the foundation for all future defense-grade cybersecurity solutions.”

That, of course, assumes they are implemented. As Chapman noted, “one thing is clear from the history of many healthcare organizations: Top-tier innovation is focused on patient care, operational efficiency and cost reduction, not necessarily IT and security.”

This story, “Can AI and ML slay the healthcare ransomware dragon?” was originally published by CSO.


Copyright © 2017 Raybet2
