Organizations with a sophisticated approach to cybersecurity are no longer satisfied with locking the doors after the robbery has been committed. There is instead a distinct shift toward offense.
A Deloitte & Touche report notes a trend toward predictive models, which has meant that protection has become more about using advanced math and science to pursue anomalies and pinpoint threats than it is about building bigger and better walls.
“Cybersecurity has received increased attention in recent years due to high profile data breaches and attacks on critical infrastructure,” said Adnan Amjad, partner at Deloitte, in an interview. “As a result, there is mounting pressure from directors and executives to measure and monitor risk levels, malicious activity and the effectiveness of cyber investments. They seek what seems impossible: a cyber-detection capability that is so mature that the organization is able to address cyber threats proactively. This is where analytics can help.”
However, the dirty little secret of cyber-monitoring is that state-of-the-art practices are intrinsically reactive; organizations watch for threats they’ve either seen before, or that have victimized others.
“And they are often missed, due in part to the massive number of cyber events occurring daily and, in part, because there is insufficient data to evaluate where and when business-critical events may occur,” added Amjad. “In other words, there is often insufficient context for anticipating and preparing to respond to cyber threats. At the very least, companies need skilled professionals with deep institutional knowledge to patch the data together manually.”
The ability to use high-volume Big Data (billions of records) and execute queries in seconds to identify anomalous patterns can help organizations evolve from monitoring cyber-threats to managing cyber-threats. This in turn can help them to map their susceptibility to attack; detect previously-unknown threats and zero days; prioritize cybersecurity investments; satisfy regulatory inquiries; and provide real-time data to executives that quantifies cyber-risk and enables better decisions.
It takes supercomputing horsepower to do this in near-real-time; the effort would take significantly longer with traditional computing platforms.
“The market is now at a tipping point where cybersecurity operations are starting to transcend tactical ‘monitoring’ and become significantly more sophisticated,” Amjad said. “Technology advances in multiple areas, including: high-speed access to abundant datasets (threat sharing, real-time network traffic, unstructured business data), innovative automation (analytics, machine learning, visualization), and evolving forensic and incident response tools, are driving this sophistication.”
Companies adopting these types of offensive steps will no doubt find that they need new personnel capabilities, the report found. Many cyber-professionals don’t have the skills to do predictive threat intelligence or predictive analysis of past breaches. At the very least, extensive collaboration between analytics and cyber-professionals may be required. And cybersecurity projects will need to rapidly move up the priority list for analytics groups.