You cannot combat cybercrime without data science — period. However, not all cybercriminals have the same signature. If you're serious about defending against cyberattacks, consider deploying your data science team against these six types of cybervillains.
Cybervillain #1: The Revenger
Insider attacks pose the largest threat for most organizations. Imagine what would happen if one of your system administrators decided to go postal on one of your mission-critical systems. That scenario won't end well for anybody.
Where data science can help is in the emerging and exciting field of user behavior analytics (UBA). Profile what normal behavior looks like and anticipate what attack behavior looks like. The combination of both detecting unusual behavior and recognizing attack behavior will protect your fortress from those within the walls.
Cybervillain #2: The Martyr
Anyone passionate about a cause can attempt to use your organization as a podium — if your organization has a large enough stage. Many terrorist organizations around the world would relish the opportunity to use a large American icon for the purposes of trumpeting their cause.
To defend against martyrs, it's important for your data scientists to constantly know what's trending. A cyberattack does a martyr no good if they can't get good publicity. Sentiment analysis on popular social media platforms is a good place to start.
Cybervillain #3: The Spy
Espionage is an insidious cyberattack that can cause monumental damage; this makes the Cyber Spy one of your most formidable villains.
Information that's private, classified, or otherwise confidential can fetch a huge price tag from the right buyer. The recent cyberattack on the United States Office of Personnel Management demonstrates the lengths cyber spies will go to in order to secure the right information. In contrast to the Martyr, the Spy wants to stay in your systems undetected, for as long as possible. Dormant cyber spies are very difficult to detect; but, when they "wake up," you must identify them quickly.
Your data scientists should focus on what anomalous system activity might look like, especially data extrusion (exfiltration). This involves baselining what normal activity looks like, so that the signal for abnormal activity stands out strongly against it.
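The baselining approach described for both the Revenger (user behavior analytics) and the Spy (anomalous data movement) boils down to the same mechanism: learn what each user's normal outbound volume looks like, then score new activity against that profile. The following is an added example written for this article, not code from the author or from any UBA product. It assumes a constructed log format of one line per user per day (day, user, kilobytes sent outbound, hour of peak transfer), a seven-day baseline window, and a z-score threshold of 3; the off-hours rule that raises severity is a hypothetical "attack behavior" signal layered on top of the anomaly score.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines (not from the article): one line per user per day.
# Fields: day, user, kilobytes sent outbound, hour (0-23) of the largest transfer.
LOG_LINES = [
    "2015-06-01 alice 100 10", "2015-06-01 bob 200 11",
    "2015-06-02 alice 110 9",  "2015-06-02 bob 210 10",
    "2015-06-03 alice 90 11",  "2015-06-03 bob 190 12",
    "2015-06-04 alice 105 10", "2015-06-04 bob 205 9",
    "2015-06-05 alice 95 14",  "2015-06-05 bob 195 15",
    "2015-06-06 alice 100 10", "2015-06-06 bob 200 11",
    "2015-06-07 alice 100 9",  "2015-06-07 bob 200 10",
    # Scoring window: alice moves five times her usual volume at 03:00,
    # bob drifts slightly on the 8th and jumps on the 9th during the day.
    "2015-06-08 alice 500 3",  "2015-06-08 bob 215 14",
    "2015-06-09 alice 104 10", "2015-06-09 bob 260 14",
]

MIN_STDEV_KB = 1.0  # floor so a perfectly flat baseline never divides by zero
OFF_HOURS = set(range(0, 6)) | set(range(22, 24))  # hypothetical attack-behavior signal


@dataclass
class Record:
    day: str
    user: str
    kb_out: int
    hour: int


@dataclass
class Alert:
    user: str
    day: str
    z_score: float
    severity: str


def parse(lines):
    """Split each constructed log line into a Record."""
    records = []
    for line in lines:
        day, user, kb, hour = line.split()
        records.append(Record(day, user, int(kb), int(hour)))
    return records


def build_baselines(records, baseline_days):
    """Per-user mean and population stdev of daily outbound volume over the
    first baseline_days distinct days. Returns (baselines, set_of_baseline_days)."""
    days = sorted({r.day for r in records})[:baseline_days]
    per_user = defaultdict(list)
    for r in records:
        if r.day in days:
            per_user[r.user].append(r.kb_out)
    baselines = {
        user: (statistics.mean(vals), max(statistics.pstdev(vals), MIN_STDEV_KB))
        for user, vals in per_user.items()
    }
    return baselines, set(days)


def detect_anomalies(lines, baseline_days=7, z_threshold=3.0):
    """Score every post-baseline day against the user's own profile.
    Days at or above z_threshold become alerts; off-hours activity raises severity."""
    records = parse(lines)
    baselines, baseline_day_set = build_baselines(records, baseline_days)
    alerts = []
    for r in sorted(records, key=lambda rec: (rec.day, rec.user)):
        if r.day in baseline_day_set or r.user not in baselines:
            continue  # baseline data is not scored; unknown users need a baseline first
        mean, stdev = baselines[r.user]
        z = (r.kb_out - mean) / stdev
        if z < z_threshold:
            continue
        severity = "high" if r.hour in OFF_HOURS else "medium"
        alerts.append(Alert(r.user, r.day, round(z, 2), severity))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(LOG_LINES):
        print(alert)
```

Per-user baselines matter: bob's 260 KB day is unremarkable next to alice's 500 KB spike in absolute terms, yet it is ten standard deviations above his own norm and is flagged, while his 215 KB day is not. The stdev floor keeps a user with an identical value every day from producing an infinite score on the first small change.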
Cybervillain #4: The Thief
They say the love of money is the root of all evil, and nothing personifies this better than the modern-day Cyber Thief.
As the means of exchanging money has rapidly evolved from paper to electronic, so have the methods of stealing it. Trillions of dollars are exchanged electronically every day, and it makes no sense for someone to break into a bank and crack a safe when they have even a small chance of tapping into this river of electronic money gushing past them every day. The Cyber Thief wants to go undetected like the Cyber Spy, but, if they're smart, they won't want to stay around very long.
Since they're only concerned with money, have your data scientists concentrate their efforts on protecting these channels with pattern matching algorithms and expert systems.
Cybervillain #5: The Washer
Money laundering is another crime that's gone cyber. The Cyber Washer is a specialist at turning dirty money into clean money using electronic means. Drug dealers, terrorists, and other bad guys turn to the Cyber Washer to make their illicit funds look legitimate; Cyber Washers do this by moving money around and covering up their tracks. As with the Cyber Thief, the focus is still on money, but instead of exfiltration, your data scientists should be looking for data movement, manipulation, and deletion.
Integrity rules and controls are a good place to focus. If two or more systems should always be in balance and all of a sudden they're not, you could have a Cyber Washer problem.
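A concrete form of the integrity control described here is a reconciliation job that compares two systems which should always agree. The following is an added example written for this article, not code from the author or from any accounting or anti-money-laundering product. It assumes two constructed record sets, a hypothetical general ledger and a hypothetical payments log, that share transaction ids and should contain identical postings; the payments log is treated as the authoritative side. The check works at two levels: row by row, to catch postings that were altered (manipulation) or removed (deletion), and per account, to catch balances that have drifted apart.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample postings (not from the article): (txn_id, account, amount).
# Both systems should hold the same rows; the hypothetical payments log is authoritative.
LEDGER = [
    ("t1", "ACC-100", "250.00"),
    ("t2", "ACC-100", "-75.00"),
    ("t3", "ACC-200", "1200.00"),
    ("t4", "ACC-300", "40.00"),    # amount manipulated: payments log records 400.00
]
PAYMENTS = [
    ("t1", "ACC-100", "250.00"),
    ("t2", "ACC-100", "-75.00"),
    ("t3", "ACC-200", "1200.00"),
    ("t4", "ACC-300", "400.00"),
    ("t5", "ACC-200", "-900.00"),  # present in payments, deleted from the ledger
]


def index_by_txn(rows):
    """Map txn_id -> (account, Decimal amount). Decimal avoids float rounding on money."""
    return {txn: (acct, Decimal(amt)) for txn, acct, amt in rows}


def account_balances(indexed):
    """Sum posted amounts per account."""
    balances = defaultdict(Decimal)
    for acct, amt in indexed.values():
        balances[acct] += amt
    return balances


def reconcile(ledger, payments, tolerance=Decimal("0.00")):
    """Return a sorted list of (finding_kind, key, detail) tuples.

    Row-level findings catch deleted or altered postings; account-level findings
    catch balances that no longer agree beyond the allowed tolerance."""
    a, b = index_by_txn(ledger), index_by_txn(payments)
    findings = []

    # 1. Row level: every transaction id should exist on both sides with equal content.
    for txn in sorted(set(a) | set(b)):
        if txn not in a:
            findings.append(("missing_in_ledger", txn, f"payments has {b[txn][1]}"))
        elif txn not in b:
            findings.append(("missing_in_payments", txn, f"ledger has {a[txn][1]}"))
        elif a[txn] != b[txn]:
            findings.append(("mismatch", txn, f"ledger {a[txn]} vs payments {b[txn]}"))

    # 2. Account level: the two systems should be in balance for every account.
    bal_a, bal_b = account_balances(a), account_balances(b)
    for acct in sorted(set(bal_a) | set(bal_b)):
        diff = bal_a[acct] - bal_b[acct]
        if abs(diff) > tolerance:
            findings.append(("out_of_balance", acct, f"ledger minus payments = {diff}"))

    return findings


if __name__ == "__main__":
    for finding in reconcile(LEDGER, PAYMENTS):
        print(finding)
```

Running both levels is deliberate: an account total can stay in balance while individual postings are swapped around, and a single altered amount can be hidden if the reconciliation only compares row counts. The tolerance parameter exists for systems that legitimately round differently; it should be as close to zero as those systems allow, since a generous tolerance is exactly the gap a washer would work within.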
Cybervillain #6: The Bragger
Some cyberattackers just want bragging rights. The Cyber Bragger has what I call a George Mallory complex. When Mallory was asked why he wanted to climb Mount Everest, he replied, "Because it's there." Cyber Braggers love the challenge of hacking into something that's not supposed to be hacked.
Cyber Braggers are the least threatening from the perspective of real damages, though if they brag too loudly, they could destroy your reputation. Cyber Braggers are extremely difficult to defend against because they're often the best hackers in the world. You have to think like them in order to beat them.
My advice is to bring at least one Bragger into your fold. If you have an elite hacker on your data science team, you at least have a fighting chance.
Your data scientists are a critical component of your cyberdefense strategy. Take time to brainstorm with your data scientists on how to defend against each one of these six cybervillain types.
Don't be a cybervictim; be a cyberhero.
John Weathington is President and CEO of Excellent Management Systems, Inc., a management consultancy that helps executives turn chaotic information into profitable wisdom.