This paper looks at the two of the most critical pressures facing regulated industries:
- increasing regulatory requirements and
- the surge in the volume and variety of business communications that require supervision
We examine life sciences and financial services as sectors under particular strain, and we examine how machine learning can help.
The healthcare and public health (HPH) sector is continuously implementing new digital transformation initiatives. The COVID-19 pandemic has only accelerated the sector’s need for digital tools and remote working solutions. However, the addition of these new tools has expanded their attack surface – and bad actors are exploiting this.
IBM reports that the healthcare industry is the most expensive sector in terms of data breach costs, amounting to $7.13M per month in 2020.
According to the February 2021 Healthcare Data Breach Report from the HIPAA Journal, there was a 40.63% increase in reported data breaches that month. The majority of these were hacking incidents.
Every such breach puts providers at risk of breaching regulations around patient data and patient confidentiality.
Securing digital applications is the only way for the industry to combat the growing threat of data breaches and hacking incidents.
With NextGen Compliance, healthcare institutions and hospitals can secure their patients’ data and information at scale. NextGen Compliance solutions offer comprehensive coverage of all cloud channels, mitigating risks. Moreover, it turns compliance into a new source of insights for patient communication and interaction. Compliance moves from being simply a cost center, to a new focus of revenue generation.
SEC Urges Proactive Compliance
“You need to be actively thinking about and addressing the many compliance issues raised by the increased use of personal devices, new communications channels, and other technological developments like ephemeral apps.”
Director, Division of Enforcement
Securities & Exchange Commission
Critical Pressures Facing Regulated Industries
Regulatory pressure is increasing. A patchwork of regulatory frameworks is an ever-stronger headwind for organizations with global operations. Already, 4 more data privacy regulations were passed in the US in 2021, along with some announced policy changes in GDPR. International companies are beholden to local regulations as well as those that apply in their HQ country.
At a time when differences in regulation are drawn by borders, digital channels are erasing the borders in business communication. Moreover, they're increasing the variety of communications that require governance. It's no longer just phone and email. It's applications that enable 1:1 communications like chat, mobile collaboration apps, and more. They also include tools that aggregate sales data into valuable business insights, like SaaS CRM platforms.
The difference between current legacy systems and these new technologies is vast. For example: A business development or sales executive may get about 100 emails a day from prospects, but with current communication and collaboration tools, the amount of communications could easily expand to 800-1000 messages or hundreds of complex free text field notes daily.
From the year 2000, the pharma industry has accumulated $86.1B worth of fines. According to the Good Jobs First’s Violation Tracker, the top 3 pharmaceuticals with the most penalties and violations are (names redacted):
The Heart of the Problem
The vulnerability of collaboration apps is rooted in three main factors:
- A high velocity and volume of communications;
- Lack of true visibility into these communications; and,
- The inadequacy of manual monitoring
The average Slack or Teams instance plays host to thousands or even tens of thousands of daily messages. These messages are exchanged at lightning speed, around the clock. They are sent in groups and DMs and often contain links and attachments. In Zoom, users communicate through video conferences, in-meeting chats, and even IMs.
Just one malicious message, amongst the thousands of interactions hosted by a Slack or Teams instance, can cause serious damage. However, collaboration tools’ nonstop flow of human interaction moves far too fast to be manually monitored. Scanning every message is simply not practical.
This renders collaboration tools black boxes. Security teams lack visibility and control, and secure collaboration tools can feel nonexistent. The activity proceeds at a consistent pace, but teams have no way to get their arms around everything that is going on.
This is supported by a recent joint study conducted by research community Pulse and SafeGuard Cyber that surveyed 100 enterprise IT Security leaders. Key insights from the respondents of that study revealed:
On the other hand, according to reports, the global financial services industry has been fined a total of about $5.4B in 2021.
It's impossible to apply legacy compliance solutions and processes to these new channels. Existing solutions rely on sampling methods or result in inconsistent policy application. This creates high cost oversight processes, high false positives, and time wasted. The solutions also do not scale to meet the volume or velocity of digital communication.
In other words, failure to adapt compliance processes means remaining in a constant state of risk exposure, as well as getting left behind by the ever-changing industry. It’s a lose-lose situation overall.
The Key Benefits of Machine Learning
Highly-regulated industries must capture and supervise client engagements, inclusive of new digital communications and CRM platforms. However, with the increasing velocity, variety and volume of digital communications, the ability to capture and supervise communications requires a more flexible, scalable, highly automated approach to effectively manage compliance risk.
Fortunately, with the help of machine learning, sophisticated risk-based analytics can be used to automate policy enforcement to maintain data privacy and protection.
Here are three key benefits of leveraging machine learning (ML):
Multi-Faceted Concurrent Search
Technology-Assisted Review (Predictive Coding)
Automated Data Detection and Redaction
Solutions built on cloud-based ML help industries secure records of compliance, as well as violations, and help move along e-discovery and investigations. With the capabilities of machine learning, efficiency in capturing, collecting, and supervising such records will be greatly enhanced.
Key insights from the respondents of that study revealed:
Lack of visibility (39%) is the biggest challenge for security leaders who aim to maintain security and compliance across all business communications.
Only 10% of respondents have a tech stack that can fully detect and respond to threats in cloud applications outside of their network.
To ensure security and compliance on social media, collaboration, and mobile chat applications, most security teams (77%) turn to tools that restrict access to third-party communication apps.
"COVID-19 really expedited some of our conversations around modern channels and accelerating digital transformation."
Head of Product, Global100 Pharmaceutical Company
ML-Powered Compliance and Governance: Achieving Results
Employing machine learning tools to modernize governance and compliance processes will address the challenges and provide the benefits previously stated.
What’s more, with the help of a machine learning-powered compliance and governance solution, companies can achieve:
Customize your advanced policy engine to define what content to flag, block, or monitor; or even target coverage of specific roles or individual accounts.
Automate full lifecycle of governance and compliance for digital communications apps with high degree of precision, based on ML-driven risk analytics with natural language understanding (low false-positives).
Capture and audit conversation content from day one, or optionally capture content posted before setup. Consolidate governance and compliance for a broad set of digital communication apps, including mobile chat, social media, collaborations and other enterprise cloud apps.
Review and search all archived content, including customizable retention management. Onboard and scale quickly with informed consent for your employees – no need to install an app or custom software on employee devices.
SafeGuard Cyber integrates directly into communication channels via APIs to process content and metadata using patented Natural Language Understanding technology and cloud-based machine learning, empowering organizations to detect and respond to compliance and regulatory risks at scale.
Your solution should have a portable security layer extending to any instance, with visibility to detect internal and external message-level threats. Organizations benefit from rapid, scalable deployment, and gain time to value while eliminating the need to manage agents.
Protect business-critical cloud communication environments, on any network or device. An effective cybersecurity solution should also be efficient, ensuring rapid MTTD/MTTR capabilities for all of your collaboration communications is necessary.
"The biggest conundrom for organizations, especially in highly regulated industries, is actually not really the technology. That's usually something that they’re able to pull in. The challenge is about getting everybody on the same page, and then having everybody be part of that equation. But if you can do that, it’s a game-changer. That’s where there is the excitement and the passion, and that focus opens up a lot of opportunity for everybody."
Francie Rawlings, Former Global Lead at Pfizer
Emerging Market Business Technology
"In security, to be really good at the defense, you have to understand the offense."
Dr. Eric Cole
CEO, Secure Anchor
Customizable and Automated Policy Engine
Policies that supervise threat detection and remediation response should be customizable at the admin level. Its distributed policy supervision should also have the ability to:
- Distinguish user groups
- Apply policies selectively to different groups, and;
- Designate different reviewers for each group
Language Agnostic ML
With the help of machine learning, an exceptional security solution should be language-agnostic, enabling multi-region readiness, and scalability. Configurable and transparent for auditable environments, an ML-powered solution can determine which risks to prioritize and respond to first. Behavioral analytics should also be available.
Finally, your cybersecurity solution should allow access to actionable risk analytics and behavioral analytics in a consolidated view of all your cloud apps.
SafeGuardCyber Survey April, 2019