Global cybercrime continues to increase at a rapid pace, and effective Chief
Information Security Officers (CISOs) need to get better at anticipating
criminal behavior in order to provide effective, and efficient, risk
management. As both
information risks and cyber security threats increase, organizations need to
move away from reacting to incidents and toward predicting and preventing them.
While organizations don’t always need to understand how the attack works from an
in-depth technical perspective, they do need to understand how the attacks get
past their defenses. Armed with intelligence and analytics, a successful CISO
will learn from others’ mistakes and raise awareness within the organization to
ensure it doesn’t happen on their watch.
Big Data + information security = huge opportunities
The massive volume of data that
businesses are collecting, including financial transactions, location-based
data and customer interactions, is growing exponentially. Problems addressed by
big data analytics are those for which insights and answers arise from analysis
of vast, complex or disparate data sources. Executives tasked with managing company
data must find the delicate balance between everyday data management tasks and
effectively leveraging data through both analytics and analysis.
In a recent webinar, I discussed the combination of big data and information
security – the challenges and opportunities. This is an important topic today
as big data analytics is enabling organizations to process and analyze huge
volumes of disparate and complex data – providing a step change from standard
reporting and monitoring toward correlating and probing for insight into
threats, risks and incidents. This insight can lead to increased information
security, greater organizational agility, better cyber resilience and decreased
business impact. This capability is critical as the practice of reacting to
incidents is replaced with the need to predict, understand and respond to
complex events.
Research suggests that companies
capturing and using big data and business analytics to guide their
decision-making are more productive and have higher returns on equity than
competitors that do not. In fact, according to the McKinsey Global Institute,
the impacts of big data commercially have the potential to generate significant
productivity growth for the healthcare and public sectors, and have the ability
to increase operating margins for retailers along with creating a very healthy
uptick in employment prospects for analytical talent positions.
Big data is a challenge that stretches
the limits of the enterprise, and as it continues to become a game-changer for
businesses, the security risks have become even larger. From structured and
unstructured data inside the network of enterprise PCs and servers to
smartphones, laptops and storage devices that introduce new data management
challenges, businesses can be easily overwhelmed by the risks posed by big
data. Unfortunately, while many organizations are using “Big Data” analytics to
support their core business, few have realized the potential benefits for
information security.
A game-changer for businesses
The promise of actionable insight
from data isn’t new – business intelligence and other analysis capabilities
have long been present in many organizations. What is new is the rate at
which data is growing, the way the data is changing and the demands being
placed upon it. With the capability to properly analyze threats, risks and
incidents from a wide array of data sources, the insight from big data
analytics helps executives and boards better manage the risk/reward balance in
cyberspace.
As big data continues to be a
game-changer for businesses, the security risks become even greater. Users are
becoming alarmed about how much data is being collected, with whom the data is
being shared and how it is being used. There is a clear need for better
engagement among key stakeholders and joined-up thinking throughout
organizations, from the Chief Marketing Officer’s office to the IT department,
with the adoption of clear guidelines and best practice on the usage, storage
and transfer of data both inside and outside the business.
Legal and regulatory issues
The law-making process is slow
compared to technology’s speed of change. This lag often means that new
technical solutions remain unregulated or are constrained by outdated
legislation. While big data has not been in existence long enough for its
implications to be well understood and addressed by laws and regulations,
organizations must ensure that their use of big data analytics complies with
existing legislation and regulations, while keeping an eye to the future.
Personally identifiable information
(PII) is subject to a high level of legally mandated protection by data privacy
laws. In some jurisdictions, using data sources that personally identify an
individual may be entirely prohibited. In others there may be constraints in
relation to how and whether different data sources can be used. Even though big
data analytics often uses raw data that is not of a private or otherwise
legally sensitive nature, the outcome of an analytics exercise can collate data
in a way that creates highly sensitive private information which may then need
to be protected.
Managing external and internal threats
Let’s take a few moments to look at
a few examples of how big data analytics can help businesses improve
information security. First, let’s examine external threats.
Big data analytics could help
identify cyber-criminal or state-sponsored zero-day attacks. Modern malware and
attacks often rely on stealth and the element of surprise, which makes them
increasingly successful even against state-of-the-art anti-malware solutions.
As a result, many of the anti-malware vendors are using big data analytics to
analyze malware reports and associated network traffic in an effort to identify
and mitigate malware campaigns as they occur.
In terms of supply chain security,
big data analytics has the potential to profile or identify suppliers by
scanning sources such as contracts, service level agreements, procurement and
vendor management databases, connectivity logs, invoices, delivery and shipping
notes, payment records and expense records. Big data analytics can create an
overarching view of supply chain security by analyzing high-risk suppliers’ security
data such as that held in suppliers’ network logs, event management databases
or intrusion detection systems. It can also compare suppliers across different
dimensions of information security risk.
When we look at internal threats,
several of our Member companies are using big data analytics to identify
standard patterns of staff behavior. Big data sources may include email
content, web activity (including access to competitors’ websites and trade
forums) and building access logs.
Additionally, a number of
high-profile banking frauds succeeded because the perpetrators never took more
than a few days off work at one time and were thus able to keep their fraud
hidden. As a result, it became standard in many financial organizations for
staff to take “block leave” – in other words, mandatory vacation where the
minimum time away was sufficiently long that fraud could not be concealed in an
individual’s absence.
The rise of remote access and the
proliferation of mobile devices in the workplace in today’s fully connected
society has potentially undermined this control. Big data analytics could
identify staff that are accessing systems when they should be on vacation, by
correlating leave scheduled through a calendaring or HR system with remote
login, mobile device, or other account activity.
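The leave-versus-activity correlation described above can be sketched as follows. This is an added example, not code from the original article or from the ISF. The record layouts, the sample users and events, and the 10-day MIN_BLOCK_DAYS policy value are assumptions, and event timestamps are assumed to be in the same time zone as the HR leave dates.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta

MIN_BLOCK_DAYS = 10  # assumed policy value: consecutive days fully away

# Constructed sample data: HR leave export (inclusive dates) and account activity.
LEAVE = [
    ("asmith", date(2024, 7, 1), date(2024, 7, 14)),
    ("bjones", date(2024, 7, 1), date(2024, 7, 14)),
]
EVENTS = [
    ("2024-06-28T17:02:00", "asmith", "vpn"),          # before leave: ignored
    ("2024-07-05T22:41:00", "asmith", "vpn"),
    ("2024-07-05T22:43:00", "asmith", "core-banking"),
    ("2024-07-09T06:15:00", "asmith", "mobile-mail"),
    ("2024-07-15T08:59:00", "bjones", "vpn"),          # after leave: ignored
]


def review_block_leave(leave, events, min_block=MIN_BLOCK_DAYS):
    """Per leave period: days with activity and the longest activity-free run."""
    seen = defaultdict(lambda: defaultdict(set))  # user -> day -> sources
    for ts, user, source in events:
        seen[user][datetime.fromisoformat(ts).date()].add(source)
    findings = []
    for user, start, end in leave:
        active, longest, run = {}, 0, 0
        day = start
        while day <= end:
            sources = seen[user].get(day)
            if sources:                      # any account activity breaks the block
                active[day.isoformat()] = sorted(sources)
                run = 0
            else:
                run += 1
                longest = max(longest, run)
            day += timedelta(days=1)
        findings.append({"user": user, "active_days": active,
                         "longest_clean_run": longest,
                         "control_met": longest >= min_block})
    return findings


if __name__ == "__main__":
    for finding in review_block_leave(LEAVE, EVENTS):
        print(finding)
```

Reporting the longest activity-free run, rather than only the fact of a login, shows whether the absence was still long enough for the block leave control to work.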
While the ultimate promise of big
data analytics for information security is to predict and prevent incidents,
there will always be value in remediation. Big data analytics can be used to
assist with post-incident review, to assess the full impact, determine possible
root causes, and identify potential indicators that could be used to warn
against future incidents. These results can then be used to identify mitigating
controls. Historical data can also be analyzed using the indicators to
determine if there have been previous occurrences of the incident that were
undetected.
Using Big Data analytics to your advantage
Executives and boards want to
balance the risks and rewards of operating in cyberspace by ensuring that their
investment in information security and cyber security is appropriate to manage
and mitigate the risks.
As the use of big data analytics increases, the range of data sources will spread.
One of the key messages that I would like to get across is that big data
analytics is not just about log analysis; it is about seeing a wider picture.
Organizations need to approach the data differently, looking for connections between
different data sources and regularly questioning whether there is another data
source that could add further value. This activity requires the intervention of
skilled individuals who understand both the data available and the objectives
of the analysis.
One of the major issues with big data is the volume of data that is being added to
the data set each day. While organizations are benefiting from the reduced cost
of storage, the benefit may be outweighed by the rapid expansion in the volume
of data. In order to balance the business benefits of big data analytics with
the cost of storage, organizations need to regularly review the data that they
are collecting, why and for how long they need it, and where and how they store
it.
Pressure continues to mount
Pressure is mounting on businesses
to embrace big data because of the enormous insights and competitive advantage
it can provide. Since we’re still in the early days, we have not yet seen a
tremendous amount of external requirements mandating businesses to assure
information integrity. However, the sheer scale of information processed by
businesses remains on the increase, and with big data analytics bringing
business decisions closer and closer to raw data, the quality of information
has become increasingly important. Big data may even be used to improve
information security if the same sophisticated analysis can be applied to
relevant security data.
While such solutions may not yet appear to be widespread, you can be assured they are
well on the way, with big data analytics already being used for fraud
prevention, cyber security detection, social analysis and real-time multimodal
surveillance. When analytics has been used as a security tool, it has
been deployed reactively to monitor security incidents or discover breaches.
What we’re now seeing is a massive, exciting opportunity for organizations to
use analytics to be more proactive and forward looking about their cyber
security.
About the author
As the Global Vice President of the Information Security Forum, Steve Durbin’s main
areas of focus include the emerging security threat landscape, cyber security,
BYOD, the cloud, and social media across both the corporate and personal
environments.
Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit
association of leading organizations from around the world. It is dedicated to
investigating, clarifying and resolving key issues in cyber, information
security and risk management and developing best practice methodologies,
processes and solutions that meet the business needs of its Members.
Further information about ISF research and membership is
available from www.securityforum.org.