Myth busted: Machine learning software isn't enough
Sure, machine learning is capable of analyzing massive data pools and, when it comes to security, the technology can both detect and analyze threats.
But it’s often touted by security companies as a great hero -- especially for busy hospitals.
The technology replaces the human aspect of data analysis by automating the process. It also has the benefit of monitoring behavior, as it’s not signature- or heuristics-based. If a behavior is deemed malicious, machine learning can prevent the activity from executing.
But in a hospital setting, it’s often up to the IT team to sift through this mass collection of data to detect those threats.
Machine learning software isn’t a new concept. CynergisTek CEO Mac McMillan said that it’s been used for decades to keep up with malware and has been introduced into anti-malware software. The technology relies on a set of known attributes and data and assumes the systems know these threats.
“With cybersecurity, that’s not a smart assumption,” McMillan said. “When you take the morphing nature of threats and new threats emerging like zero-day attacks -- there’s no way for a system to learn what those attacks would look like. To rely solely on machine learning for security is just naïve.”
Instead, machine learning should be used as a component of an integrated architecture. McMillan said organizations should understand the technology and how it functions with other security controls before using it as their primary security tech.
Machine learning is an important part of a layered defense system, but it can’t be exclusive. To ICIT Senior Fellow James Scott, that’s because the technology relies on predictability.
Scott stressed that it might even be a necessary security feature, as cyberattacks now and on the horizon boast mutating hashes and even AI. So having machine learning in your security arsenal is crucial, as it’s the only way to defend against them.
“Machine learning isn’t going to solve all of our problems,” McMillan added. “It’s an important piece going forward, but don’t buy into the end-all-be-all bull. You still need a good, strong infrastructure based on defense and data. Defense and depth is still the best approach to security.”