Another day, another breach. For many Bostonians, the “privacy incident” recently disclosed by Massachusetts General Hospital (MGH)—which reportedly involved the personal information of 4,300 dental patients stored by a software vendor—hit close to home in many ways, as most of us have at one time or another been to MGH for ourselves or a loved one. It’s an institution in these parts. That’s why the thought of a data breach is troubling indeed.
For those of us who are focused on stopping these types of incidents, it’s even more troubling, as we are seeing them more often. So far in 2016 there have been over 500 breaches, resulting in the exposure of more than 12.8 million records, according to the Identity Theft Resource Center. Breaches are increasing at an alarming rate, which, if it continues, could lead to all medical records being compromised in just a few years’ time.
The problem comes down to a widening gap between the capabilities of existing cybersecurity solutions and the advanced threats they are expected to stop. In many cases, companies are not aware that a breach even occurred until they are notified by law enforcement. Industry data suggest that it takes 200 days for most breaches to be discovered, giving the bad guys plenty of time to do damage.
The oft-exploited characteristic of existing cyber solutions is that they follow a set of rules based on the types of attacks that have occurred previously. The attackers know this, and adapt their approaches to defeat these rigid rule sets. This forces the organization to chase the attacks with new rules—which are put in place after the fact and may just be “too little, too late.” Simply put, the threats are continually evolving, and the solutions are not keeping up.
Clearly, a new approach is needed.
We believe that next-generation solutions that can adapt and discern new threat behaviors are far better suited to identify and stop these threats, because they can “learn” what normal behavior looks like for an organization’s users, applications, and devices on the network. Once it is understood what normal looks like, identifying abnormal behaviors becomes much more straightforward.
Understanding Risk
While no single solution represents the Holy Grail of network security, there are a number of things that organizations can do proactively to bolster their defenses. The single most important thing an organization can do is to get a sense of its own specific areas of risk so that it can better understand where the chinks in the armor might be. Security solutions that also provide a measure of an organization’s cyber risk profile are long overdue. This involves gaining true visibility into how users, applications, and devices are interacting and what behaviors are risky in terms of cybersecurity or policy violations. Fortunately, such solutions are now available, allowing an organization to compare its own profile against pre-determined “risk indexes” based on industry benchmarks. This finally provides the answer to the question: How safe are we?
To keep the organization from losing data and trust as a result of a breach like the one involving MGH, business leaders and security professionals need cybersecurity solutions that keep pace with the advanced threats they will continue to face and that protect the organization, at an acceptable level of risk, against both the abnormal and the immoral.