Big Data & Predictive Analytics Can Identify Cyber Risks

Framework for big data and analytics for semiconductors manufacturing.

In today’s fast-moving, dynamic digital environment, there is no crystal ball that can tell you the form or target for the next cyber attack.

The IT product development cycle has become so fast and centered on functionality that security is rarely in focus. Most developers assume that the layers upon which they build provide the necessary security. Unfortunately, the platforms upon which most of these systems have been built are porous, and attackers are actively looking to exploit the holes in these systems at all levels.

Since the form or morphology of these attacks can change so dramatically between iterations, CISOs must assume that some will succeed even as they continuously strengthen their defenses and strive to handle the volume of alerts generated by their current tools. In fact, it is best that CISOs assume it’s a case of “when we get hacked, not if.”

Big data and predictive analytics show great promise when it comes to cyber defense because of their ability to transform massive amounts of data into actionable intelligence. Predictive indicators can identify new emergent risks before they result in significant losses and help your security staff deal with alert overload.

Today’s cyber criminals have learned that snatch-and-grab attacks, where they attempt to quickly steal large amounts of data from a network, are easily detected by network defenses such as firewalls and anti-virus, which will effectively shut down or quarantine access. Therefore, criminals have evolved a more patient approach, constructing layered software that is designed to steal small fragments of data over a longer period of time.

Because many of these pieces of software are disguised as commonly used formats, jpg and pdf for example, they often can go undetected by many systems. The industry average before a network breach is detected stands at around 200 days. The result for the victim is death by a thousand cuts.

Predictive analytics can detect these data anomalies early by looking for new patterns of data access, including hidden data that is being exfiltrated in another format and/or encrypted to avoid detection. By finding these anomalous patterns, predictive analytics help reduce a company’s overall risk exposure by limiting the amount of time an attacker spends inside the network.
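As an added illustration (not code from the article), one way a defender can surface the "small fragments over a long period" pattern described above: baseline each host's daily outbound volume and apply a cumulative-sum (CUSUM) test, so that excesses too small to trip a single-day spike rule still accumulate into an alert. The flow records, host names and field layout are constructed for the example.

```python
"""Low-and-slow exfiltration detector (added illustration, not from the article).
Baselines each host's daily outbound bytes, then runs a one-sided CUSUM so that
many small, individually unremarkable excesses add up to one alert."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow summaries: (day, host, outbound_bytes). "ws-07" leaks a steady
# extra 1,200 bytes/day from day 15, well inside its normal day-to-day swing.
RECORDS = [(d, "ws-03", 50_000 + (d % 3) * 1_000) for d in range(1, 31)] + [
    (d, "ws-07", 50_000 + (d % 3) * 1_000 + (1_200 if d > 14 else 0))
    for d in range(1, 31)
]

def daily_totals(records):
    """Sum outbound bytes per host per day -> {host: [day1, day2, ...]}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, nbytes in records:
        totals[host][day] += nbytes
    return {h: [v for _, v in sorted(days.items())] for h, days in totals.items()}

def _baseline(series, baseline_days):
    """Mean and std-dev of the first `baseline_days` (std floored to 1.0)."""
    base = series[:baseline_days]
    return mean(base), (pstdev(base) or 1.0)

def max_daily_z(series, baseline_days=14):
    """The naive spike rule: largest single-day z-score after the baseline."""
    mu, sigma = _baseline(series, baseline_days)
    return max((v - mu) / sigma for v in series[baseline_days:])

def cusum_alarm_day(series, baseline_days=14, k=0.5, h=4.0):
    """One-sided CUSUM: each day adds (z-score - slack k) to a running sum
    floored at zero; exceeding h means a sustained excess, not a lone spike.
    Returns the day the alarm fired, or None."""
    mu, sigma = _baseline(series, baseline_days)
    s = 0.0
    for day, value in enumerate(series[baseline_days:], start=baseline_days + 1):
        s = max(0.0, s + (value - mu) / sigma - k)
        if s > h:
            return day
    return None

def find_slow_exfil(records, **kw):
    """{host: alarm_day} for every host whose CUSUM crosses the threshold."""
    out = {}
    for host, series in daily_totals(records).items():
        day = cusum_alarm_day(series, **kw)
        if day is not None:
            out[host] = day
    return out
```

On the constructed data the leaking host never exceeds a 3-sigma single-day rule, yet the CUSUM fires on day 20; the slack `k` and threshold `h` are the knobs that trade detection delay against false alarms.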

Managing Cyber Alerts Effectively
One of the most common issues that CISOs face with regard to cyber security is “alert fatigue,” which results from the sheer volume of alerts generated by cyber defense systems during the course of a given day.

With predictive analytics, risks are evaluated and ranked on a sliding scale of importance. If suspicious or malicious behavior is suspected, the analytics engine alerts the right people about it, ranking it from highest to lowest risk. By leveraging vast amounts of data while processing it efficiently, predictive analytics can provide real-time responses, in contrast to older approaches that are time-consuming, inefficient and expensive.

Predictive analytics are not perfect, however, and the desire to go unobserved causes cyber criminals to mimic normal behavior if possible. Therefore, managing the predictive analytics process requires an organization to handle the false positives and false negatives that are generated during the threat surveillance process.

On one hand, the system must have a very low tolerance for false negatives, since missing active threats can lead to the disaster we’re trying to avoid. On the other, organizations need to track how many false positives are being generated, to ensure that neither the system nor the people are overburdened.

At the same time, it cannot be so restrictive that it blocks legitimate traffic (customer e-mail, for example), which can reduce profits or degrade customer service. It is a balancing act, and how you manage the process is crucial to obtaining the best results.

With limited resources, organizations need to identify the most severe cases first by prioritizing alerts based on potential impact and then handling all alerts efficiently. One approach is to have levels of security analysts with different skill levels.

First-level analysts should try to handle an alert in five minutes, otherwise escalate it to the experts who can distinguish a targeted attack from a generic attack. This way, critical resources are freed up so that organizations are only engaging their most valuable assets on the most important threats. Businesses must address both known and unknown (emergent) risks when developing a cyber defense program. Once risks become “known,” a standard form of defense should be constructed. Companies need to save their most skilled resources for discovering the “unknown risks” and defending against them.
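An added example, not from the article, of the ranking and threshold balancing described above: alerts are ordered by impact-weighted risk, the cut-off is set so that no true threat falls below the line (the low false-negative tolerance), and the resulting false-positive count is costed against the five-minute first-line budget. The alert list, its hindsight labels and the score/asset-weight scales are constructed.

```python
"""Alert ranking and threshold selection (added example, not from the article).
Alerts are ranked high-to-low by impact-weighted risk; the cut-off is the lowest
rank that still misses no more than `max_missed` real threats, and the queue's
false positives are costed against the five-minute first-line budget."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    alert_id: str
    score: float          # analytics engine's risk estimate, 0..1 (assumed scale)
    asset_weight: float   # business impact of the affected asset, 1..5 (assumed)
    is_true_threat: bool  # hindsight label used only to tune the threshold

# Constructed sample: one day's de-duplicated alerts with hindsight labels.
ALERTS = [
    Alert("a1", 0.95, 5, True), Alert("a2", 0.80, 2, True),
    Alert("a3", 0.60, 4, True), Alert("a4", 0.55, 1, False),
    Alert("a5", 0.70, 3, False), Alert("a6", 0.45, 5, True),
    Alert("a7", 0.30, 2, False), Alert("a8", 0.20, 1, False),
    Alert("a9", 0.10, 3, False), Alert("a10", 0.05, 1, False),
]

def priority(alert):
    """Rank key: a medium score on a crown-jewel asset outranks a high score
    on a throwaway host."""
    return alert.score * alert.asset_weight

def ranked(alerts):
    """Queue order, highest risk first."""
    return sorted(alerts, key=priority, reverse=True)

def choose_threshold(alerts, max_missed=0):
    """Walk the ranked queue until at most `max_missed` threats remain below
    the line. Returns (priority cut-off, false positives above the line)."""
    order = ranked(alerts)
    remaining = sum(a.is_true_threat for a in alerts)
    for idx, alert in enumerate(order):
        remaining -= alert.is_true_threat
        if remaining <= max_missed:
            above = order[: idx + 1]
            return priority(alert), sum(not a.is_true_threat for a in above)
    return 0.0, sum(not a.is_true_threat for a in alerts)

def tier1_minutes(alerts, threshold, minutes_per_alert=5):
    """First-line effort bound: each alert above the cut-off gets at most
    `minutes_per_alert` before escalation to the experts."""
    return minutes_per_alert * sum(priority(a) >= threshold for a in alerts)
```

With zero tolerated misses the queue carries one false positive and 25 minutes of tier-1 work; allowing a single miss drops the false positive but leaves a real threat below the line, which is the trade-off the text describes.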

Using predictive indicators to detect the unknown risk is incredibly challenging, but by assessing losses and anomalous behaviors, businesses, along with their partners, can use big data to solve big problems.

Information-Management: 
