With ransomware attacks increasing, healthcare organizations must determine how to frame and increase their ROI on cybersecurity. As a result, there is a need for tools and techniques to streamline security, mitigate risks, and prevent data breaches. RSI Security partnered with Darktrace, a British-American cyber defense company, to rethink cybersecurity ROI, especially for detecting and mitigating ransomware.
The session opened with Nico introducing the panelists:
- Justin Fier, Director of Cyber Intelligence and Analytics at Darktrace, is a leading cyber intelligence expert with extensive experience in cybersecurity and artificial intelligence from his years in the field, including in the US Intelligence community.
- Mohan Shamachar, CCSFP, CISA, CIPP, CISM, CISSP, MBA, QSA, Director of Information Security and Compliance at RSI Security, who brings extensive experience across all areas of cybersecurity and as an assessor.
Following the introductions, Mohan presented the first half of the webinar.
Why Invest in Cybersecurity?
Mohan started by referencing news headlines about the need for investing in cybersecurity. He emphasized that cybersecurity is not prioritized when deciding on investments, which results in security risks.
Impact of Data Breaches
Mohan highlighted the rising impact of data breaches. Based on the report from the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS), one can see:
- Timeline of breaches
- Causes of breaches
- Individual records affected
It is critical to realize that all these data breaches present significant penalties.
Mohan also referenced Fitch Ratings, a company that explores cyber risks and rates businesses on their cyber risk. These ratings can affect business reputation since they point to an organization’s security posture.
With increased ransomware attacks in the news, organizations must realize that data breaches have financial, legal, and reputational consequences.
Cyber Resilience and Leadership
Mohan also presented data from the Panama Security and IBM report, highlighting the role of leadership in promoting cyber resilience. Essentially, how quickly can an organization resume normal operations after an attack?
He pointed out that the report classified “leaders” in various categories as those who support overall cybersecurity objectives, maturity, and a holistic security posture. Leaders also actively protect their organizations from cyber threats.
Mohan emphasized that the ability to find, stop, or reduce breach attacks requires proactive leadership. A critical example is that leaders who implement automation increase the detection of data breaches compared to those who do not. Investing in cybersecurity will help address breaches on time and minimize losses.
Cybersecurity ROI and Data Breaches
Mohan described various aspects of data breaches, underscoring the need for cybersecurity investment.
Variety of Breach Attacks
The majority (80%) of breaches involve customer personally identifiable information (PII) related to:
- Healthcare records
- Medical records
- Sensitive information
Other categories of breaches affect:
- Intellectual property
- Anonymized customer data
- Employee PII
He emphasized the significance of these statistics for organizations that share or collect consumer information, pointing to the value of data lost in the breaches.
Motives for attacks include:
- Financial gain (53%)
- Hacktivism (13%)
- Nation-state (13%)
- Unknown motives (21%)
This data shows that hacking and selling PII on the dark web is lucrative.
Causes of Breaches
The largest cause of data breaches is misconfiguration due to compromised credentials (e.g., usernames, passwords). Companies must invest in the appropriate security model, such as multifactor authentication (MFA).
Other cybersecurity vulnerabilities to address include:
- Physical security
- Phishing attacks
- Other social engineering attacks
- Indirect third-party attacks due to improper vendor integration
Organizations must address their security posture and conduct commonly-ignored due diligence.
Cost of Breaches
For nation-states, the average cost per data breach is over four million US dollars. The cost of a breach depends on how many days it takes to identify attacks. For example, in healthcare, threat identification takes about 236 days compared to almost a year for public institutions.
Mohan emphasized the need to address detection and response timelines. The report also shows that companies with fully developed infrastructure can detect breaches much faster: in 234 days, versus over 300 days without threat detection.
The most significant factor in reducing the total cost of a breach is a tested incident response plan. Components of robust incident response plans include:
- Employee training
- Security analytics
- Vulnerability testing
- Patch management
The above factors have dramatically contained the cost of data breaches and point to the critical cybersecurity investments.
What Cybersecurity Investments Can You Make?
Based on the above data, what can you do to minimize the impact of cyberattacks?
Mohan believes organizations should invest in:
- Governance via risk management and security – Focus areas include:
  - Critical systems
  - Vendor integrations
  - Risk assessment
  - Continuous risk management
- Security automation – You must reduce incident response time to lower the cost of a breach.
- Access controls – You must develop a zero-trust mindset to prevent unauthorized access.
- Incident response planning – Test plans to make sure they work.
- Endpoint monitoring and protection – Endpoints such as remote working present vulnerabilities and must be safeguarded.
- Awareness and training – Creating awareness for phishing and other social engineering attacks minimizes data breach risks.
- Tracking cybersecurity progress – It is critical to monitor changes to:
  - Policies and procedures
  - Use of maturity frameworks (e.g., CMMC, NIST-CSF, CIS)
Mohan ended by emphasizing that the overarching goal of cybersecurity investment is to build a posture that prevents attacks. The definition of cybersecurity ROI depends on who you ask: a CFO thinks about profitability on capital investment while a security officer considers risk reduction to minimize data losses.
Unpredictable Cyber Threat Landscape
Justin started by mentioning how expensive it is to get hacked. As such, ROI on cybersecurity is critical. How does AI fight back against threats?
The cyber threat landscape has evolved due to the new remote work environment, which has created new attack vectors. As a result, we are experiencing:
- Increased complexity of networks
- More data and tools to support collaboration
- Lack of visibility into networks with numerous blindspots
- Mainstream AI-powered attacks via sophisticated phishing attacks
- Polymorphic malware strains
- More targeted attacks (e.g., deep fake videos)
The changes to threat landscapes require innovative cybersecurity tools to address cyberattacks.
How Can Self-Learning AI Help?
Darktrace focuses on using self-learning AI tools to address cyber threats. Modeled after the human immune system, self-learning monitors unusual activity in digital environments. The Darktrace self-learning AI deploys to your digital architecture, whether for the entire network or individual users.
Specific benefits of self-learning AI include:
- Absence of defined rules or baselines for increased flexibility
- Networks are organic with digital footprints, with no defined sense of what’s “good” or “bad”
- Can detect unpredictable threats, independent of historical datasets
- Provides visibility over complex networks in:
Justin emphasized the need for cybersecurity scalability with a recovering economy, especially for protecting patient information. Scalability is easier with AI.
Self-Learning AI in Practice
Aspects of self-learning AI include:
- Self-learning detection – The ability to establish baselines for every user and device on the network
- Automated investigation – Training AI in automated analysis (based on supervised and unsupervised learning) empowers self-learning tools to ask the same questions as a human when investigating cyber threats. Self-learning AI can also provide detailed reports.
- Autonomous response – AI-driven response can drive precise reactions to address threats. Self-learning AI works in the background to identify and remediate threats in a timely manner.
- Coverage – Self-learning AI covers your entire digital infrastructure (e.g., email, SaaS, IoT)
Justin highlighted that self-learning helps address staffing burdens while increasing threat detection capabilities.
Case Studies on Self-Learning AI
Justin also highlighted the increase in COVID-19 pandemic-related fearware. Darktrace has noticed more rampant spear-phishing campaigns, with over 100 domains registered to malware-related attacks.
AI-driven tools can address these threats by identifying unusual:
- Sender environment
- Domain proximity
- Email traffic
Self-learning AI can detect hospital spear-phishing attacks based on anomalous activity, including:
- Devices making connections to rare IP addresses
- “Low and slow” attacks in which data is leaked in small amounts to external IP addresses
In the hospital malware attacks case study, 18.6 GB of data was uploaded over time. The biggest challenge is that malware attacks are difficult to analyze and the analysis takes longer.
However, self-learning AI supports analysis of malware attacks by identifying unusual:
- Repeated connections
- External data transfer
- Internal download, followed by an external upload
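An added example, not from the webinar or from Darktrace's product: a fixed-threshold heuristic (not self-learning AI) that flags the "low and slow" pattern described above, combining rare external destination, repeated connections, and cumulative external transfer. The flow record layout, thresholds, internal address range, and sample data are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All values below are assumptions chosen for the constructed sample data.
INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
RARE_MAX_DEVICES = 1                  # destination used by at most this many devices
MIN_CONNECTIONS = 5                   # "repeated connections"
MAX_SINGLE_UPLOAD = 50 * 2**20        # each upload stays small ("low")
MIN_TOTAL_UPLOAD = 200 * 2**20        # cumulative volume that warrants review

def find_low_and_slow(flows):
    """flows: iterable of (day, src_ip, dst_ip, bytes_out) tuples."""
    devices_per_dst = defaultdict(set)
    per_pair = defaultdict(list)
    for day, src, dst, sent in flows:
        if ip_address(dst) in INTERNAL:   # only external uploads are of interest
            continue
        devices_per_dst[dst].add(src)
        per_pair[(src, dst)].append((day, sent))
    findings = []
    for (src, dst), events in per_pair.items():
        sizes = [sent for _, sent in events]
        if (len(devices_per_dst[dst]) <= RARE_MAX_DEVICES
                and len(events) >= MIN_CONNECTIONS
                and max(sizes) <= MAX_SINGLE_UPLOAD
                and sum(sizes) >= MIN_TOTAL_UPLOAD):
            findings.append({"device": src, "dest": dst,
                             "connections": len(events),
                             "days": len({day for day, _ in events}),
                             "total_bytes": sum(sizes)})
    return sorted(findings, key=lambda f: -f["total_bytes"])

def sample_flows():
    """Constructed records; external addresses are documentation ranges."""
    mib = 2**20
    flows = []
    for day in range(1, 11):
        # One device sends 30 MiB a day to a destination nobody else contacts.
        flows.append((day, "10.0.0.23", "203.0.113.77", 30 * mib))
        # Several devices use a common service, so it is not a rare destination.
        for host in ("10.0.0.23", "10.0.0.40", "10.0.0.41"):
            flows.append((day, host, "198.51.100.10", 40 * mib))
    flows.append((3, "10.0.0.40", "192.0.2.5", 900 * mib))   # single large upload
    flows.append((4, "10.0.0.41", "10.0.0.5", 500 * mib))    # internal transfer
    return flows

if __name__ == "__main__":
    for finding in find_low_and_slow(sample_flows()):
        print(finding)
```

Only the 10.0.0.23 to 203.0.113.77 pair is reported: no single day's upload would trip a per-transfer size alert, but the ten-day total to a destination used by one device does.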
Justin added that the concise reporting capabilities of self-learning AI tools enable faster decision-making and threat mitigation. Mohan agreed that self-learning will help identify, detect, and respond to threats to strengthen organizations’ security posture.
Mohan opened the floor for questions after Justin’s presentation.
A question was asked about the prioritization of the points under cybersecurity strategy recommendations. Mohan emphasized that organization-wide training and awareness are the biggest priorities.
Increase Your ROI on Cybersecurity
Organizations looking to increase their cybersecurity ROI can benefit from RSI Security’s wide range of security services. Whether it’s compliance advisory, managed security services, or cybersecurity architecture implementation, RSI Security will help you strengthen your security posture.