Just like epidemiologists studying disease outbreaks, cybersecurity professionals can benefit from identifying and mitigating certain behaviors, says Dr. Elizabeth Lawler, an epidemiologist who is CEO of Conjur, a data security firm.
"Cybersecurity professionals have already taken on a lot of the language of epidemiology - such as viruses and anti-viruses, and trying to prevent breaches as 'outbreaks.' But what's happening now is that the systems that we're working in have become more complex and the risk factors are multifactorial," she says in an interview with Information Security Media Group.
Just as in viral outbreaks of Ebola or Zika, in cybersecurity "there are actually many subdomains which have much more complicated data analytics ... such as behavior analysis to identify clusters of activities where you can get a lot of bang for the buck if you can modify behaviors," she says.
Data Breach as Catalyst
Lawler says she became interested in security while she was a public health researcher at the Department of Veterans Affairs, when the VA in 2006 suffered a massive data breach involving the loss of an unencrypted laptop containing Social Security numbers and other sensitive information for millions of veterans.
"That really piqued my interest in how the practice of data security among people who are working in IT was both working and failing," she notes. "It had very similar components and features to epidemiology. When you're looking at whether it's an outbreak of a disease from a virus, or something as complex as heart disease, there are certain risk factors that are behavioral... and some of it is inherent - such as a person may have a genetic predisposition [for heart trouble]," she says.
Similarly, the behavior of professionals in trying to secure data, as well as inherent factors, such as a "system being built wrong," can affect cybersecurity, she explains.
"So I started to see connections in how you can frame out certain types of cybersecurity problems from a public health [perspective]," she says. "From a practical perspective, privileged user management was one of the biggest risk factors I could see when it came to putting large amounts of data at risk."
In the interview (see audio link below photo), Lawler also discusses:
- Access management challenges affecting the cybersecurity of medical devices;
- Emerging trends in identity and access management;
- Privileged access challenges healthcare entities and other organizations face.
Lawler is CEO and co-founder of Conjur, which offers a trust management platform for the cloud. Prior to founding Conjur, Lawler was the chief data officer of Generation Health and held a leadership position in research at the Department of Veterans Affairs. Earlier, Lawler, who has a Ph.D. in epidemiology, also worked as a researcher at Harvard Medical School. Lawler has been a featured speaker on DevOps at the RSA Conference.