In a new ICIT report called How to Crush the Health Sector’s Ransomware Pandemic, the authors suggest putting machine learning throughout the layers of health organisations’ IoT microcosm, allowing what they call a “virtually, omnipresent, algorithmic defense”. IT security experts from ESET, AlienVault and FireMon commented below.
Mark James, IT Security Specialist at ESET:
“Combating or limiting ransomware in any way shape or form gets the thumbs up from me. Any way it’s delivered, either through traditional methods or emerging techniques when it comes to stopping one of our most damaging and brutal forms of malware we see today we have to do all we can. With so many options available to both public and private companies of all sizes is they have to consider cost and knowledge. If you don’t know about the technology or are not aware of how it can help you then how can you buy it? Secondly of course you have to look at the cost, especially when it comes to the health sector. When the two choices are either to purchase a replacement machine to save people’s lives or invest the same money into a technology that may work in protecting you against an attack that might or might not come it’s hard to justify the latter!
It’s usually down to knowledge and understanding, if you are charged to protect your company (and usually your users) data then you can only take into account the technologies you have knowledge of. Tag that with an understanding of how it will work and if it’s right for you. You will use that to give you the start of a recipe that will build or compliment your defences, there’s one thing for sure, you cannot stand still, you have to adapt and move with the ever changing landscape of cyber criminals.”
Javvad Malik, Security Advocate at AlienVault:
“There is no doubt that ransomware is a favoured technique amongst cyber criminals. It creates a business model for criminals that allows for wide-ranging attacks and a reliable method to collect payment.
Machine learning and use of algorithms for defences is on the increase across all of IT Security. However, the definition of what these technologies are will vary depending on who is asked, and their effectiveness as stand-alone offerings is untested. While there will likely come a time in the near future where machine learning and algorithms will become a standard part of every IT Security technology offering, healthcare organisations would likely be better off addressing fundamental security issues which would offer better protection against a broad range of attacks as well as simplify management. Such steps would include, having an asset inventory, password policy, user education, secure configuration, device controls, patch management, protection, and monitoring controls.”
Paul Calatayud, CTO at FireMon:
“Machine learning, like any modern approach within a cyber security defence, does play a role in detecting malicious threats within a healthcare organisation. Having been a CISO for a healthcare organisation and number two in security for a Fortune 5 healthcare organisation, I can say from experience a lot more is needed within healthcare in order to properly defend against malware and IoT, two big threats to healthcare. That said, as well as AI, basic approaches such as modern endpoint backup will also play a key role within information security. Ransomware’s main objective is to encrypt the data on the endpoint it was able to exploit. If healthcare organisations invest in ensuring that data is available on other systems, a common approach to backups, the encrypted data is therefore not valuable. A big plus is you have also greatly increased your business continuity plans and other data resiliency by taking this approach.”