Machines are better than us; for some things. They’re faster. They process repetitive information and data more precisely and accurately. And they’re much more focused – they don’t get distracted by incoming texts on a smartphone. They don’t take vacation or call in sick.
Of course, many executive leaders already know this, and are investing significantly in automated artificial intelligence (AI) tools, with IBM’s Watson serving as somewhat of a celebrity standard-setter. The tools enable organizations to more effectively deliver engaging customer experiences, develop marketing campaigns, manage inventory, forecast sales and perform a vast number of other data-driven business functions.
There’s another critical function that AI is beginning to address: cybersecurity.
It’s a logical fit. In healthcare and every other industry, security operations center (SOC) teams are besieged by an overwhelming amount of events. Their policy-driven strategies to prioritize real vs. false can’t keep up with the alert velocity and attack signature rate of change. SOCs encounter difficulties in implementing a consistent enforcement of the same governance across disparate technologies and in rapidly and correctly tweaking them all in response to the latest empirical knowledge gained. Because machines can respond to attack vectors in seconds – as opposed to an hour or even a day for their human counterparts – the AI in cybersecurity market is expected to explode, reaching $18.2 billion by 2023, up from $1.2 billion in 2016, according to projections from P&S Market Research.
A growing number of leaders are urging for this investment sooner rather than later. In October, for example, Nick Coleman, Global Head of Cyber Security Intelligence Services at IBM, told attendees of the ISACA CSX Europe 2017 conference in London that the complex and voluminous state of today’s threats should compel organizations to find ways “to embed AI and automation wherever it makes sense to do so to improve efficiency, and thereby improve capability and, ultimately, enable greater business resilience … Research shows that around a third of (a cybersecurity professional’s) time is spent gathering and processing information, but this is something that can be automated.” To underscore his remarks, Coleman noted that Watson is now processing and analyzing 4 million security-related documents an hour.
Healthcare organizations have been slow to adopt AI as a whole, much less for security purposes. Only 5 percent are currently deploying AI technologies, and just 11 percent plan to do so within the next 12 months, according to research from the Healthcare Information and Management Systems Society (HIMSS). Less than one half indicate that they’d look to implement AI even within a wide two to five-year window. So what’s stopping them? Among other barriers, impressions that the “technology is still in the development stage” (as cited by 40 percent of organizational representatives surveyed as part of the research); unproven business cases (23 percent); infrastructure constraints (20 percent); a lack of understanding of “clear and present opportunities” (18 percent); and the existing state of their data integration capabilities (18 percent).
Another challenge: A lack of financial commitment to cybersecurity, as the vast majority of healthcare providers spend on average less than 6 percent of their IT budget on this, or less than one-half of the 12 percent to 15 percent that the finance/banking sector and federal government spends, according to additional research from HIMSS.
The industry must pick up the pace on both AI and cybersecurity – and then combine the two to embrace AI as a threat-fighting “partner.” Otherwise, our manually driven, rules-based approaches will leave us stuck in the same, counterproductive rut: The SOC team heads to its security information event manager (SIEM) where all threat incidents are consolidated, correlated and assessed for alerting. Team members investigate countless false positives while missed threats slide right through. After remediation of breaches they look for patterns throughout apps, systems, devices and cyber defense tools (firewalls, anti-virus solutions, etc.), and then write new “rules” to more quickly identify and hopefully prevent future incidents.
But the rules grow more intricate as the attacks themselves get more complex, with layers of formulas involved. Again, with the staggering proliferation of attacks, team members can’t keep up. Even worse, they can’t devote enough time to anticipating future attacks because they’re overwhelmed with investigating and writing rules for the known ones. This is where AI steps in to help them, eliminating the need for humans to write rules, while more effectively and rapidly analyzing the intelligence collected to anticipate future threats.
Another key point: We know that hackers are adding AI to their tool set. Given this, AI emerges as a “must have” partner for any cybersecurity strategy, not a “nice to have” option. Without it, the hackers gain an insurmountable competitive advantage – we’d be bringing a knife to a gunfight, as the saying goes.
I do not use the term, “partner,” lightly either, because technology is not entirely replacing humans here. The ideal deployment model will take advantage of the best that both man and machine have to offer. True, AI takes the rule-writing tasks off the SOC team’s plate. It will examine thousands of events happening at any given time, and prioritize each one, based on greatest potential harm, for the human team to look at.
In supporting cybersecurity within healthcare, we have reached a crossroads. We must acknowledge that the bad guys are “smarter, faster, better” today. Thus, we need to be smarter, faster and better. But we can’t do it alone. AI innovation will soon be available to help manage the complexity, speed and volume of the modern threat. It is, indeed, a partnership that merits our commitment.
By Brian Wells, CTO, Merlin International
Brian brings over 35 years of leadership experience in the hospital, physician, academic, medical center and payer information systems areas. Brian leverages his extensive healthcare IT experience in building and executing on a strategy to grow Merlin’s healthcare line of business in the commercial market. Before joining Merlin, Brian most recently served as the Associate Vice President of Health Technology and Academic Computing for the University of Pennsylvania Health System / Perelman School of Medicine where he led a team of 60 software developers focused on web applications, data integration and data warehousing analytics. Brian also held a leadership position at Children’s Hospital of Philadelphia and was the Founder and CTO of InteHealth, Inc.