Asia's Source for Enterprise Network Knowledge

Friday, March 31st, 2017

Security Without Compromise

Using big data for security only provides insight, not protection

Cybersecurity experts are excited about big data because it is the “crime scene investigator” of data science. If your organization is hacked and customer information compromised, your use of big data to collect massive amounts of information on your systems, users and customers makes it possible for data analysts to provide insight into what went wrong.

But while big data can help solve the crime after it occurred, it doesn’t help prevent it in the first place. You’re still left cleaning up the mess left behind by the breach: angry customers, possible compliance issues with data privacy standards like HIPAA and PCI DSS, maybe even government fines and class-action lawsuits.

This is where big data fails to meet its big promise: when it is employed aftera data breach happens. As the old saying goes, “Hindsight is the best sight.” Big data, when utilized after a cyberattack, certainly gives you that. However, what it doesn’t give you is the ability to realize that a breach is happening, or is about to happen, and stop it before massive damage is done. Because of this, big data, when used in a vacuum, will not secure your systems, your business, or any of your sensitive information.

Big data cheerleaders will say you can use this hindsight to fix the problems that let the hacker into your system in the first place. After all, since you know what went wrong, you can patch your system so that it doesn’t happen again, right?

While that may be true – you may be able to prevent that specific problem from happening again – cybersecurity simply doesn’t work that way. The threat landscape is dynamic, with new technologies, and thus, new vulnerabilities, emerging every day.

Additionally, hackers are like any other criminal: They are savvy, adaptable, and know how to play on human nature. They’re always going to find your weaknesses – and your biggest weakness is your own people, your trusted employees. Most hackers don’t break into systems through the back door. They get their hands on legitimate login credentials and, essentially, walk right in the front door.

So, in most cases, big data analytics will reveal hackers accessed your system by logging into Server X using an employee password they stole through a social engineering scheme, such as phishing email. (Or, worse yet, the credentials may have been handed to them by a malicious insider.)

With this new insight, you may decide to provide training for your employees on cyber security best practices, such as how to spot a phishing email and the dangers of clicking on suspicious links. Employee cybersecurity training is essential, and it will help keep your systems safer, but it’s not a panacea.

Humans are fallible. They make mistakes when they are tired, distracted, or in a hurry to get something done. Additionally, no amount of training will stop a malicious insider – a disgruntled employee, ex-employee, or contractor who is determined to strike back at the company or make a quick buck selling confidential data on the Dark Net.

Thankfully, there is a solution: machine learning, a cutting-edge technology, built upon mathematical algorithms that learn and update in real-time, that enable computers to learn without being explicitly programmed. This is the same technology that powers self-driving cars, and it is the single most powerful weapon we have against hackers.