George Pappas Explains What AI Means for Cybersecurity Leadership

AI is making it easier for cybercriminals to attack healthcare organizations. AI capabilities used in Cyberattacks increase the level of sophistication at scale that can penetrate several of the current defenses in place. Some of these examples include identity/credential acquisition, phishing, network penetration, undetected lateral movment. Due to the productivity of AI-based methods and the “cyber attack as a service” software models on the dark web, we are seeting more and more sophisticated cyber events.

As AI is still a new and emerging technology, misconceptions abound. Many cybersecurity companies are working to build more applied intelligence into their platforms to reduce the amount of human intervention needed to perform critical tasks. As LLM’s improve in capability (which is happening rapidly), there is a belief that AI based systems will make defenses inpenetrable. As a threat, there is a corollary that AI can make attackers penetrate any defense . Not surprisingly, AI-based platforms are and will be powerful levers for security teams and cyber attackers to do more with less at a higher level of intelligence that will require both sides to continually improve and adapt or they will fall behind.

Compliance and regulator frameworks are slowly adding AI-centric measures and controls. At this time, due to the immature and complex nature of the technology, the frameworks for AI are primary focused on governance, data management, and questions of LLM provenance. To evolve, the frameworks need to address verifiable measures of safety, execution leakage, model and application training metrics, and more methodical meaures of testing and validation for certain performance standards to be deployed in healthcare.

An AI-powered cybersecurity strategy should include the following components:

1. Threat detection and response (intrusion detection systems, behavioral analytics, automated incident response, intelligent yet automated vulnerability assessment and remediation/escalation).

2. Data and infrastructure security and privacy (data encryption, de-identification and masking, access controls, interoperability controls, user authentication controls).

3. Risk assessment and vulnerability management (predictive analytics, continuous monitoring, threat intelligence integration).

4. Endpoint and IoT device security (device ID and monitoring, anomaly detection, zero trust architecture).

5. User education and awareness (phishing testing/escalation, detection and prevention, adaptive training programs).

6. Regulatory compliance and reporting (automated compliance audits, audit trail analysis).

7. Resilience and recovery (AI-driven backup verification, disaster recovery planning).

8. Governance and policy enforcement (policy automation, risk-based authentication).

Also, organizations should examine the NIST CSF 2.0 framework, a set of voluntary cybersecurity guidelines and best practices from the National Institute of Standards and Technology.

Healthcare organizations need to take a unified approach to cybersecurity. Enterprise risk management offers a framework to guide the process. Rather than treating individual areas of risk – such as financial or operational threats – as distinct factors to be considered in isolation, the approach encourages leaders to consider all risk factors in their decision-making process.

It begins with taking stock of their current cyberdefenses and vulnerabilities. Just because an organization hasn’t yet been hacked doesn’t mean it’s safe. It’s more likely just a matter of time. Cyberdefenses can quickly become obsolete so hospitals should regularly update them. Take a close look at emerging, intelligent, cyber threats and develop a robust plan to address the many layers of technical debt that exist in almost every Healthcare organization. This is particularly important given the latent interoperability vulnerabilies that are increasingly exposed to sanctioned AI projects yet represent new risks that are often underappreciated.

Every organization of any size should have a chief information security officer (CISO) that reports directly to the CEO. Too often, cybersecurity is the responsibility of chief information officers or chief technical officers, who already have too much on their plate. CISOs also should not have to handle legal and other matters, but be free to concentrate solely on cybersecurity.

And, of course, cybersecurity operations need to be adequately funded, which they often are not. Given that millions of dollars, patient data and even lives can be at stake it doesn’t make sense to skimp on defenses.

Executives also should be on guard against complacency or treating cybersecurity as something that can be crossed off a list. Attackers are never going to give up or stop devising new hacks. AI simply makes it too easy. Anytime an organization thinks it is safe is when it becomes most vulnerable.

Any deployment of AI in healthcare, whether in cybersecurity or something else, requires robust governance, ethical practices and human oversight. Organizations need strong guidelines in place to ensure it’s used correctly and fairly.

To balance the risks vs. the rewards of testing and deploying the generation of new agent-based services, the technical leaders (CIO, CTO, CISO) of the organization should establish a continuing process of standards and early involvement with functional leaders. Too often, the risk vetting of a new technology takes place late in the acquisition cycle that lead to undue risks. A good governance practice here would include the technical team sharing their vetting of all AI-based technologies with the entire leadership team to better educate them on the standards expected.