The key to identifying the next big threat: Data analytics & cybersecurity
May 05, 2017
There is currently a lot of buzz about the convergence of data analytics and cybersecurity. This isn’t surprising considering anticipated Internet of Things (IoT) growth. According to Gartner, there are six billion IoT devices in use today—a number expected to grow to 20 billion by 2020. Government agencies including the Department of Defense (DoD) should be able to leverage the data produced by these devices to crank out useful results like when the next cyberattack is coming and what to do about it.
However, making such predictions is easier said than done, and many agencies are still asking the question: how do we get started with such an ambitious project? Or, if they have already started—as many have—how do we make sure we’re staying in front of the bad actors?
First, realize the potential of actionable data. As the wave of security and security-related data grows ever larger, many civilian and defense professionals are drowning in data and lack the capability to make it useful. Data analytics can turn this situation around. Unlike humans, these systems thrive on data, growing more accurate, useful, and predictive as they gather bits and bytes. Data analytics systems help security professionals ride the data tsunami, instead of drowning under it.
Federal agencies are already seeing the benefits of data analytics. According to a recent Meritalk survey, 81 percent of federal cybersecurity professionals use big data analytics for cybersecurity. Further, these efforts are leading to results. According to the survey, 90 percent of respondents have seen a decline in breaches due to the use of big data analytics and 84 percent have used big data to thwart at least one cybersecurity attack. Unfortunately, bad actors benefit from similar tactics, using data analytics and machine learning to carry out sophisticated attacks and scams. Cyber criminals can quickly and intelligently innovate and execute. If agencies want to keep up, they’ll have to do the same.
Second, don’t believe the hype that robots and computers are taking over cybersecurity. Despite increased adoption of cybersecurity data analytics among federal agencies, well-trained humans remain critical to deal with intrusions. Agencies need a good mix of data scientists and cybersecurity experts. Ideally, those individuals will have expertise in both areas. Since these fields are in high demand, agencies should expect to pay top dollar for experienced people or invest in training for current staff.
Finally, carefully identify and select data sources, then introduce them one by one. Logs from security devices and systems are obvious sources to consider, but agencies should keep an open mind. Ancillary systems such as environmental control systems, supervisory control and data acquisition (SCADA) systems, vehicles, and building access systems offer surprising results. I personally have seen electrical metering data fed through an analytics system accurately identify and predict security intrusions.
Remember, the bad guys are fast, smart, and highly motivated. To win the war against these cyber criminals, federal agencies must leverage innovative data analysis tools, such as cyberthreat hunting and machine learning, to identify and disrupt cyberthreats. With billions of devices and data points coming online each year, the time is now. So, roll up your sleeves, learn all you can about data analytics and keep the bad guys off your back—or at least out of your data.
Don Maclean is the chief cybersecurity technologist at DLT Solutions.