The Data Security Balancing Act

View This Article in BOSS Magazine

Taking a customer-centric approach to data integrity in an ever-evolving cybersecurity environment

The healthcare and insurance industries continue to be in the top 10 of the most targeted industries worldwide for cyberattacks. Phishing attacks reign supreme as one of the most effective attack methods across the healthcare sector. With the proliferation of natural language processing tools driven by artificial intelligence (AI) technology like ChatGPT, phishing attacks are only getting more and more sophisticated and more difficult to detect.

Providing user awareness and training and running robust phishing simulations within healthcare organizations is more critical now than ever before. Healthcare and insurance industry chief information security officers (CISOs) need to address challenges associated with AI as it relates to data leakage, loss of intellectual property, and worse, AI led attacks against their organizations. Further compounding these challenges is there is limited guidance and regulatory controls to address the emerging threats that AI technologies pose to the healthcare and insurance communities.

Auston Davis

Auston Davis, a 23-year veteran of the IT security industry and CISO at a managed vision care company, is keenly aware of these challenges through his focus on cybersecurity modernization initiatives that include cloud transformation, improving AI, and improving self-service technologies. With the seemingly boundless sophistication and determination of cybercriminals, Davis notes that severely limiting exploitable vulnerabilities, such as fileless malware, is a minute-by-minute challenge faced by CISOs and their organization. “With fileless malware, you're essentially utilizing the tools that are intended to provide legitimate business functions and using them for malicious purposes,” he explained.

As Davis noted, ensuring that only the right people are using those tools for the right purposes at the right time is a tricky endeavor. “It’s not straightforward because the tools are designed to be easily utilized by anyone who needs to use them.” With potentially millions of bytes of personally identifiable data flowing through organizations across the industry, that’s a tall order for companies and should be a significant focus of IT modernization.

The near-universal embrace of AI and its thrilling, seemingly limitless potential is raising questions throughout the global cybersecurity community. “There’s a flip side to AI from a cybersecurity standpoint, which is, ‘How can that same AI be used against our organization?’” he stressed. The emergence of a commercial AI platform that can do great things to improve customer experience and improve business relationships and efficiencies, especially from an IT standpoint, opens unnerving opportunities for cybercriminals. “If someone took information and plugged it into a ChatGPT chatbot, what could they do against a targeted organization? What is the data exposure level? Meeting the challenges posed by the emergence of freely available AI solutions is another area of focus for CISOs and is where we should be driving collaborative conversations among peers.”

The delicate balance between data integrity and accessibility

Data integrity and making sure that the right people have the right access to make changes to view and work with data at the right time is paramount. Still, balancing the tradeoffs between data availability and securing its accessibility is a narrow needle to thread. When it comes to protecting the confidentiality of data, companies should invest heavily in authentication mechanisms. “For example, if a company is onboarding a new customer, it is important to implement solutions which allow them to verify who they are in a quick and secure manner,” said Davis.

Ultimately, the contributions of information security professionals to the customer experience can’t be understated. The bottom line: Companies need to ensure that their systems and data are available and accessible to the right people at the right time – for the right reason.