SingHealth data breach a timely reminder of how we can beef up cyber defence with AI
The SingHealth data breach drives home the point that cyber-attacks are now woven into the fabric of everyday business and underlines the need for us to deploy innovative security technologies that work in tandem with evolving threats. The use of AI by the city of Las Vegas and the United Kingdom’s National Healthcare System (NHS) in the wake of the WannaCry attack last year offers us some lessons in this respect.

In SingHealth’s case, while data was exfiltrated over the course of seven days before being detected, the savvy attackers would have embarked on a far longer campaign prior to infiltrating the network. It is therefore crucial to deploy innovative security technologies that work in tandem with evolving threats, says the author.
News of the SingHealth breach, Singapore’s largest ever cyber attack, sent shockwaves globally. It drove home the point that cyber attacks are now woven into the fabric of everyday business.
The most significant implication of the breach is how it can undermine public trust in an organisation’s ability to safeguard data.
Interestingly, there has been far less finger-pointing at the victims than what we typically see once a breach has been disclosed, perhaps due to how the breach was managed.
In this case, emphasising that attacks can and will happen helps mentally prepare people for this new reality.
Analysts have also praised the speed of the authorities’ response. It took less than 20 days between the attack and when the public was informed – one-tenth the global average.
Though the hackers caused a stir by stealing 1.5 million patients’ personal information and 160,000 medical records, including those of Prime Minister Lee Hsien Loong, the severity of the attack sits in the shadows of those that have come before.
This includes the Sony Pictures hack in 2014, the Panama Papers leak in 2015 and last year’s global WannaCry ransomware, each of which caused catastrophic damage and disruption.
These examples are persistent reminders of how much of our work and data have now shifted online, and that increased adoption of new technologies coupled with the ever-changing threat landscape makes anyone a potential target for cyber-attackers.
Putting this in context, the brazen cyber attack on SingHealth is a concern.
It exposed the weakness of our healthcare system, a key component of critical infrastructure.
We are seeing increasing numbers of aggressive and persistent attacks on essential services, especially by coordinated, criminal groups and nation states, the latter named as the likely perpetrators of this recent attack.
Where the security stakes are higher, so are the force and sophistication of attacks.
Notably, there has been a rise in well-resourced, ‘low and slow’ cyber campaigns where the perpetrators take the time to discover vulnerabilities, often silently exploiting them and bypassing traditional defences unnoticed.
In SingHealth’s case, while data was exfiltrated over the course of seven days before being detected, the savvy attackers would have embarked on a far longer campaign prior to infiltrating the network.
We are now reminded that, in the healthcare sector, networks are like digital jungles as the attack surface of clinics and hospitals expands from the physical to the virtual.
With MRI scanners and new biotech innovations increasingly connected to the internet, as well as clinical data such as prescription and blood type being uploaded to cloud platforms, the healthcare sector is fast becoming a hackers’ paradise.
And this threat is not limited to healthcare, as other sectors get rapidly plugged in.
HOW TO FIGHT BACK?
In the wake of the SingHealth data breach, Singapore’s Smart Nation initiatives - including the National Electronic Health Record (NEHR) project - have been halted temporarily, which is a practical move. Smart cities come with an expanded attack surface.
Ensuring that stringent cyber security measures are in place is crucial. This can be done if we analyse what’s needed and deploy innovative security technologies that work in tandem with evolving threats.
The city of Las Vegas offers us some lessons in this respect.
As one of the first connected cities in the United States, Las Vegas relies on Artificial Intelligence (AI) technology to monitor and continuously defend thousands of sensors that monitor everything from air quality to signalling systems across the city.
It uses AI to create a detailed virtual map of its enterprise network, and the self-learning technology is able to identify what is ‘normal’ to the organisation in order to detect and neutralise cyber-threats at their earliest stage.
In one incident, a network intrusion was quickly detected and stopped.
Similarly, the United Kingdom’s National Health Services (NHS), which itself was one of the most badly-hit victims of WannaCry last year, has incorporated AI as part of its cyber defence.
Last year’s attack crippled parts of NHS’ operations, locking data on computers with demands for money, causing 20,000 hospital appointments and operations to be cancelled - of which 100 were cancer-related - as ambulances were diverted from some A&Es.
Now, its AI’s autonomous response creates ‘digital antibodies’, akin to how human antibodies fight viruses, to detect and contain emerging threats.
An early adopter of innovative technology, Singapore can learn from these examples and has the capacity to embrace AI cyber technology even as it pushes ahead with its Smart Nation initiatives.
The traditional approach of building walls to keep threats out has failed.
Threats are evolving in unimaginable ways and we are entering an era of disruption by attackers intent on causing widespread disruption and systemic damage to critical systems.
While the dynamic infrastructure of smart cities makes predicting tomorrow’s attack near-impossible, it does not mean we cannot shield ourselves from future threats.
For every attack, there are leading indicators.
Using AI, these early signs of attacks can not only be detected but also acted on autonomously in a matter of seconds.
In this short span of time, the threat can be effectively contained, buying human security teams time to catch up, focus on investigations and take proactive steps to thwart the next big attack.
Though AI-powered attacks are not yet mainstream, it is only a matter of time before machines are fighting machines in a quick-firing cyber arms race. This is why digital immune systems that use AI to detect and autonomously fight back against stealthy and fast-moving threats should be firmly embedded in future cyber security measures.
ABOUT THE AUTHOR:
Sanjay Aurora is managing director, Asia Pacific, Darktrace, a cyber security firm.