new frontiers in privacy and security - nchica · 2018-06-07 · new threats need new approaches,...
TRANSCRIPT
New Frontiers in Privacy and Security
Proprietary and Confidential - Do Not Distribute
Agenda
• Discuss the rise of new classes of threats
• Provide a sense of what AI and big data can and can’t do
• New approaches to incident response
• Our 2025 technology predictions
New Threats
• Social media
• Explosion of new data sources and interconnections
• Multi-vector sophisticated actors
Social Media
A powerful tool for marketing, messaging, and engagement, but a huge new threat to Patient Privacy.
Tools to Resolve New Vectors
• EDUCATION: Storytelling and multiple methods of engagement
• MONITORING TECH: New platforms to review potential PHI breaches and monitor news
• PROCESS: Metrics, measurement and continuous feedback loops
Exponential Data
We are generating data and providing access to it at an exponential, rather than linear, rate.
Managing Exponential Data
• CULTURE CHANGE: Privacy and security integration, training and protocols
• AI EFFICIENCY: The same technologies fueling this explosion should be protecting us
• COMPREHENSIVE REVIEW: Use big data technologies to integrate review of ALL sources
New Actors
Healthcare is vulnerable to state-based, AI-enabled and/or new types of threats entirely.
Hack as a Service (Steady Threat)
Financially motivated, paid % of profit
• Cyber-crime as a service (CAAS)
• Allows others to rent infrastructure for attacks, botnets, phishing tools and vulnerability scanning of targets

Organized Crime (Increasing Threat)
Financially motivated: ransomware for easy $$, data exfiltration for higher payoffs
• Aim to collect ransom and personal data, including medical records, credit cards and SSNs
• Structured and operated similarly to start-ups, often with an industry focus
• Efficient and profit focused
• Increasing level of sophistication

State Sponsored (Increasing Threat)
Research, espionage and sensitive proprietary information
• Highly-skilled and highly-persistent groups with unlimited resources
• Employ sophisticated and previously unknown methods (e.g., custom malware)
• Pursue and achieve specific objectives
• Maintain a low profile to cover their tracks and remain in the network for months, if not years

Hacktivists (Steady State Threat)
Motivated by social justice causes to seek to defame or damage an enterprise
• Unstructured coalitions of individuals that come together based on a common cause
• Rely on social engineering techniques
• Employ less sophisticated attack methods due to resource limitations
• Engage armies of infected computers available in the dark web
Managing New Actors
• TECH-ENABLED EDUCATION: e.g., interactive phishing training/monitoring
• NEW TECHNOLOGY: Orchestration, analysis, and monitoring can leapfrog in healthcare
• REAL CONSEQUENCES: Three strikes rule for all individuals at health system
AI and Big Data
• What the heck are they?
• What can’t they do?
• How could they actually be helpful?
Breaking down the buzzwords
What are we talking about when we talk about big data, AI, machine learning, analytics, and more?
https://www.moogsoft.com/blog/aiops/understanding-machine-learning-aiops/
Limitations of These Technologies
Judgment, discretion, on-the-ground culture change, and leadership, as well as the nascent nature of these technologies. Toddlers, not Terminators.
So why use them?
Great for integration, automation, scale, and sector-specific context.
Whatever technologies you’re using, or threats you’re facing, what are the commonalities in every incident response plan?
Incident Handling Process
• Information Security Incident Policy
  • Definition
  • Incident Reporting
  • Incident Responsibility
• Information Security Incident Handling Procedure
  • Incident Discovery
  • Incident Investigation
  • Incident Documentation
• Breach Notification Run Book
  • Definition
  • Authority
  • Scenarios
  • Methods of Notice
  • Content of Notification
Major Incident Response
• Collaborative Cybersecurity Governance Process
• Communication Plan
• Senior Management Response Team Membership & Responsibilities
• Recovery Statements
• External Teams/Trusted Advisors
Recovery Statements
• Internal Communication (management, workforce)
• Trusted External Parties (legal, NDAs (non-disclosure agreements), contractors)
• Other External Parties (Business Associates, government agencies, vendors, media outlets)
• Internet Service Provider
• CMS Notification
• Owners of Attacking Systems
• Other Victims
• Directly Affected Vendors
Breach Notification Run Book
Incident Senior Management Group
Incident Management Team
• Communications
• Cyber Forensics
• Legal
• Risk Management
• Human Resources
• Health Plan/Benefits
• Regulatory/Compliance
• Finance
• Government Relations
Predictions for 2025
• Privacy/Security Integration
• Comprehensive Audit
• Sector-Specific Context
Privacy/Security Integration
Seeing a respect for these two swim lanes continue, but much greater operational integration, and measurable change.
Comprehensive Review with AI Efficiency
Deployment of models that continuously review and risk-stratify all accesses to data in real-time.
Sector-Specific Contextual AI
Moving away from square pegs and round holes into clinically-aware technologies designed for healthcare.
Key Take-Aways
• New threats need new approaches, both technologically and culturally
• AI is just another tool, albeit one possessed of tremendous strengths and weaknesses
• The key is augmenting and enhancing culture, human effort, and process, not replacing it
We’re entering an all-new world of threats, but tried-and-true culture change and education, together with artificial intelligence, provide a new fusion approach and show great promise.
Reach out to continue the conversation