Every day it seems another news breaks about cyber-criminals hacking in and stealing information. Private companies, government agencies, movie studios, political organizations, hospitals…no one is immune.
These types of stories are an example of why the cybersecurity market has become incredibly lucrative. It’s expected to be worth $120 billion in 2017, according to the Cybersecurity Market Report by Cybersecurity Ventures. That same report estimates that a stunning $1 trillion will be spent globally on cybersecurity from 2017 to 2021.
Yet, the Ponemon Institute found that the likelihood of a material data breach involving 10,000 lost or stolen records in the next 24 months is 26 percent. The same study finds the average cost incurred for each lost or stolen record at $158.
Santosh Varughese, President of Cognetyx, says that for all the attention on cybersecurity, the biggest threat most organizations face is right under their very noses. That is precisely what makes the threat so insidious, claims the co-founder of the “Ambient Cognitive Cyber Surveillance” artificial intelligence cybersecurity solution. I had a chance to interview Varughese about his controversial claim, and what organizations can do to immediately plug the holes.
Q: What is the cybersecurity threat that is right under our noses?
When people generally think of hacking, they visualize it as external actors attempting to penetrate a network. The methods that get the most attention are malware or phishing scams, and certainly there have been some high profile instances of even CEOs getting tricked. All of this feeds into the notion that to prevent attacks, we just need better defenses around the perimeter.
But what if the attacker is already inside the network? A 2015 study found that on average it took 206 days to detect a breach. That’s more than half a year where a hacker can roam freely within a network, with almost unfettered access to sensitive information. Basically once inside, there’s seemingly no way to either detect someone is up to no good, or to alert the proper authorities that something might be amiss.
Q: So the threat is external hackers who have already infiltrated a network?
It’s more than that. It’s any insider who, knowingly or unknowingly, is putting sensitive data at risk. There are two main types of insider risks that pose the biggest problem. The first is the “malicious insider.” This type of person could certainly be an external hacker who has broken into the network, either from hacking or stolen login credentials. But even more concerning, it could be a current employee who is snooping in data that they shouldn’t be in.
Think about how easily Bradley Manning stole three quarters of a million pieces of classified or sensitive documents from the military that was eventually released on Wikileaks. The repercussions of confidential information being made public are still being felt. All he had to do was download all the files onto a CD-RW disc, label it a “Lady Gaga” CD, and walk right out the door. All the security solutions on the market today could not stop a Manning from simply taking all the data and walking.
In the healthcare market where Cognetyx is deployed, it’s just as serious a problem. In 2015, Anthem announced that hackers had stolen 37.5 million records that contain personally identifiable information, although the New York Times puts the true number at closer to 80 million.
That’s millions of people’s sensitive information such as social security numbers, medical ID, income data and more. For every Anthem, there are scores of data breaches in the healthcare industry that go unreported. It’s something that every patient, doctor, administrator, insurer and politician should be concerned about.
Q: How can technology stop a malicious insider once they are in?
Technology is advancing at a rate where the convergence of progress in multiple areas is finally making it possible to detect malicious insiders. The cost of storing data continues to go down. The processing capabilities of servers to sift through data keeps marching forward.
And advances in machine learning—artificial intelligence—makes it possible to make sense of the data in meaningful ways. It is this confluence of massive secure scalable computing at a low cost, combined with exponential algorithm advances, that has made a breakthrough AI cybersecurity solution like Cognetyx possible.
Take one of the toughest scenarios as an example. Let’s say an employee of a hospital for whatever reason decides to steal patient data. Maybe they hold a grudge against their boss. Perhaps they are going to sell the data. Whatever the reason, this employee in radiology decides to access the system of the accounting department.
Current existing defenses can’t stop this person. This type of situation happens more than you’d think, and it’s the primary reason why we invented Cognetyx. Now, finally, healthcare organizations and later other industries, will be able to both identify and stop these types of insider threats.
Q: What exactly is “Ambient Cognitive Cyber Surveillance”?
Ambient Cognitive Cyber Surveillance is the best description of how Cognetyx actually works. It proactively formulates a profile behavior pattern for every user and transaction access to all applications and data, 24 hours a day, 7 days a week. Cognetyx creates a “digital fingerprint” or “DNA” of what normal access behavior patterns look like.
Any suspicious activity is detected instantly, stopping a potential breach in its track. Using the above example, the system would know that the radiologist normally only uses certain files or folders. Suddenly if the employee starts accessing files in Accounting, that would trigger an alert.
Cognetyx is automatic surveillance, detection and data breach alert in real-time. Best of all, compared to other security solutions on the market, it has very low false positives and is very simple to use. Its artificial intelligence is self-learning, gaining accuracy over time.
Our solution doesn’t replace existing cybersecurity products but rather supplements them. With a comprehensive defense strategy covering perimeter, network, host, application and data, Cognetyx adds a layer to cover malicious insiders.
Best of all, because of technological advances, the cost of powerful AI security like Cognetyx which used to be only affordable to the largest organizations can now fit the budget for almost any healthcare organization. Our sincere hope is that Cognetyx can help healthcare organizations—and others down the road—to finally have a way to combat the malicious insider threat.