Fighting AI-Fueled Attacks With AI-Based Cyber Tools episode artwork

EPISODE · Dec 26, 2023

Fighting AI-Fueled Attacks With AI-Based Cyber Tools

from Info Risk Today Podcast · host InfoRiskToday.com

Healthcare CISOs must recognize the real and imminent threat of AI-fueled cyberattacks and take proactive steps, including the deployment of AI-based security tools, to protect patient data and critical healthcare services, said Troy Hawes, managing director at consulting firm Moss Adams.

Episode metadata supplied by the publisher feed · Published Dec 26, 2023

Healthcare CISOs must recognize the real and imminent threat of AI-fueled cyberattacks and take proactive steps, including the deployment of AI-based security tools, to protect patient data and critical healthcare services, said Troy Hawes, managing director at consulting firm Moss Adams.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Fighting AI-Fueled Attacks With AI-Based Cyber Tools

0:00 0:00
of MATCHES

TRANSCRIPT · AUTO-GENERATED

I'm Mary Ann Kolbasakmiki, executive editor at Information Security Media Group, today I'm speaking with Troy Hawes, who is managing director at consulting firm Moss Adams. We're going to be discussing threats facing the healthcare sector involving AI-fueled attacks. So, Troy, despite the AI-driven advancements that we're hearing so much about in healthcare, we know that cyber criminals are also looking for ways to use AI to their advantage. So how do you think AI-fueled cyber attacks will make healthcare sector entities potentially more vulnerable to cyber criminals?

Really what cyber criminals are doing, they're using AI to their advantage. They're really trying to exploit vulnerabilities in medical devices or compromise electronic health records, disrupt critical healthcare services. With AI, they're able to do that quicker. They're able to automate and scale their attacks and really become more efficient and sophisticated, which is scary.

The machine learning algorithms that they're able to use, they can be trained to kind of find and then exploit software vulnerabilities, and really that can overwhelm systems as well as the defenses that an organization might employ. And the last thing I always think about is once a attacker has access to the systems, they're again able to leverage AI to analyze the large databases or data sets really looking for that valuable data, which is really patient, personal identifiable information, or their actual health information that they can then use for identity theft, fraud, or to actually then escalate a ransomware attack. So, Troy, you mentioned the risk of cyber criminals getting into the networks, then also taking advantage of AI to do what they want to do with the data that's in their victim systems. When it comes to the actual AI-fueled attacks, what sorts of things are you most worried about?

Are they phishing? Are there other sorts of incidents that you think that cyber criminals will be taking advantage of in terms of the AI-fueled tools that they have at their disposal? The way I think about it's not necessarily the type of attack. It's more the sophistication and I'd say ease of the attack that is most worrisome, because the types of attacks haven't changed.

They're still compromising credentials. They're still using ransomware or social engineering attacks. Now, they're just more sophisticated and that's really the use of AI. You look at social engineering, the ability to create these phishing emails now to be more legitimate looking and mimic a pattern of communication that their target might have, or with deep fakes and the use of voice mimicry software.

Now, just getting a call from somebody may be harder to detect and really those are really to fool those people that they're attacking. What I've seen is a lot of success with the use of both the email followed up with a phone call. They send a phishing email and then what they do is they follow that up with an actual phone call and that phone call makes it seem like it's more legitimate to that person that they've targeted. And that's where we're seeing a lot more personnel falling victim to these attacks, because it seems more real this way and it's harder to catch that from employee perspective.

So it's really the same types of attacks. It's just the sophistication and the speed in which they can do them, I think, is the most worrisome. And Troy, what types of health care sector entities do you think will find themselves potentially either full victim of these sorts of attacks or the targets of these attacks? Are there certain kinds of entities that you think the cyber criminals will be trying to take advantage of most?

Yeah, it's everybody. It really comes down to what they're after. So different cyber criminals, different attackers have different methods, different ways to go about it. But all health care sector entities are vulnerable and targets of these attacks.

And you can think of this if your organization has sensitive data like that personal private data, that makes it an even bigger target. Or if you're an organization like a hospital that needs to have patient care be ongoing and it's critical for operations to be available at all times. Again, attackers are looking at trying to take those systems offline, maybe through a ransomware attack and hoping that they're going to get paid because the hospital may need to pay in order to get back an operational quicker. And so a lot of times that's going to be the more focused targets just because of that.

Troy, as it is, a recent study found that 75% of health care sector entities that do suffer ransomware attacks end up finding that their data does get encrypted by cyber criminals before the victims are able to detect they've even been hit or have had time to take action. And those numbers are even higher than in past surveys. Why do you think so many health care sector entities today already find themselves folding victim to ransomware encryption and other serious attacks? What are some of the things that maybe aren't being done that they should be paying more attention to and then perhaps ramp up even with these AI fueled attacks?

To me, it comes down to a number of reasons. So usually it's the lack of good monitoring and alerting systems. Oftentimes it's just limited security budgets and adding to that your IT, your security personnel are overworked, they're over taxed with all of the systems that they're trying to keep operational and running. And then the systems that are providing these alerts, either they don't have time to actually investigate properly or do do a good investigation to identify the attack before the data actually gets encrypted.

One of the things that I actually found interesting was according to that report, the dwell time, so that's the time the attacker actually has on the network. So when the attack starts to when it's detected is around five days. So if you think about that, that's a long time for an attacker to have access to a network to two systems before they're even found out. So that's one of those reasons why the data actually does get encrypted.

They're just not being identified in time. I think also one of the other reasons that health care does fall victim is the use of the technology that's in place. So whether that's the medical devices being used or oftentimes there's outdated or end of life technology being used, these medical devices, this outdated technology may not be patched properly, may have bug fixes that need to be patched, but they're not because they're older, they're more vulnerable to attack. So once an attacker is able to actually find these systems, then that helps give them access to potentially the network.

And then from there, find find ways to move laterally through the network or do other things to start identifying the data that they're most likely after wanting to go after that ransomware attack or just exaltration of the data. One of the other things that I've actually seen is more of a convenience factor. So what I mean by that is oftentimes best practices around like passwords using long complex passwords or not sharing passwords or not using multi-factor authentication are all due to they're inconvenient to caregivers, because caregivers are trying to get access to a patient record and spending time logging in and doing that can cause an inconvenience. And so a lot of times what we've seen is these health care entities not putting in good practices and user access controls are a critical practice when it comes down to it.

So Troy, we were talking about AI-fueled attacks. How might AI-based security tools help care sector entities improve their cybersecurity posture, especially when they are facing potential attacks by cyber criminals that also have AI tools? One of the things that AI has done is provided benefits for both the attacker but also the defender. And really there's a number of AI security tools that are out there now.

And what the main thing that they help do is allow an organization to be more proactive in their approach. So you're not reactive anymore. And really what these AI tools do, they're able to analyze basic vast amounts of data in real time and really detect any issues or anomalies that could be a potential threat. And then alert upon those potential threats so that the security teams know about it, but they can also take action on that threat.

And so you're not waiting for a person to respond. So more real time threat detection and really kind of helping to get that basically threat neutralized or acted upon by others. And I think that's where we're really seeing AI being a great tool and a necessary tool on our networks. And they're really great at really providing good insights into what's going on on the network because there's so many systems talking to each other, so much data that needs to be processed.

And the algorithms, the machine learning that it's able to do, it's really able to identify what's normal traffic versus what's not normal, and then flagging those for potential investigations. And finally, Troy, what are some of the critical steps that you suggest health care sector entities take now to help reduce their risk of falling victim to cyber attacks that involve AI fueled attacks? There's a number of steps that health care needs to take. One of the first things is to deploy these AI countermeasures, really put in tools that have AI capabilities as a defense mechanism.

These endpoint detection and response or the extended detection and response or the managed detection and response all provide detection and response capabilities across all systems, so that you're really again being proactive in your threat detection and response capability. Well, thank you so much, Troy. I've been speaking to Troy Hawes. I'm Mary-Ann Boba Seckmighi of Information Security Media Group.

Thanks for joining us.

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Info Risk Today Podcast?

Episode duration information is not available.

When was this Info Risk Today Podcast episode published?

This episode was published on December 26, 2023.

What is this episode about?

Healthcare CISOs must recognize the real and imminent threat of AI-fueled cyberattacks and take proactive steps, including the deployment of AI-based security tools, to protect patient data and critical healthcare services, said Troy Hawes, managing...

Can I download this Info Risk Today Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!