The fight against cybercrime has always incorporated data and analytics, but as organizations move their systems to the cloud and attacks become more sophisticated, data analytics is firmly establishing itself as the first line of defence.
According to Ryan Sheldrake, CTO at cybersecurity firm Lacework, the simplest way to understand why data and analytics are now so crucial is to consider the significant change that comes with switching to remote hosting. Businesses have physical control over their servers when they host them themselves, but that degree of direct control decreases when the servers are moved to third parties.
“In the past, you could locate the server that had been attacked and even shut it down,” he says. “With cloud services, you might not even be aware of the location of your servers, and you can’t even access them.”
Analysis of that data is now at the forefront of combating cybercrime because, in exchange for direct, physical control, cloud providers supply mountains upon mountains of data.
The use of data and analytics is being prioritised in the fight against cyber threats, and this is due to more factors than just the cloud and the vast amounts of data it makes accessible to users. According to Adrian Nish, head of cyber at BAE Systems Digital Intelligence, new types of attacks from highly skilled hackers make threats tougher to uncover using conventional virus detection techniques.
The identical signature code used to be included in all viruses, allowing for their detection and subsequent deletion, according to him. However, that is no longer the case because attacks are increasingly sophisticated and unique, making it impossible to hunt for signatures.
Instead, you should watch data analytics, especially network traffic. There will be millions of data points to examine, but with the correct analytics, you can see anything that doesn’t seem right, such as a system of yours that may be a bot that frequently asks or “beacons” a third party for instructions. Although there may be nothing to worry about, analytics might help you focus your search.
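A minimal sketch of the beaconing analytics described above, as an added example that is not from the article or any vendor named in it: it scores each source/destination pair by how regular its connection intervals are. The flow records, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def find_beacon_candidates(flows, min_events=6, max_cv=0.1):
    """flows: iterable of (epoch_seconds, src, dst) tuples.
    Returns pairs whose connection gaps are unusually regular,
    most regular first. Thresholds are illustrative assumptions."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)

    candidates = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all connections share one timestamp
        # Coefficient of variation: 0 means perfectly periodic traffic.
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            candidates.append({"src": src, "dst": dst,
                               "events": len(stamps),
                               "mean_gap_s": round(avg, 1),
                               "cv": round(cv, 3)})
    return sorted(candidates, key=lambda c: c["cv"])


def sample_flows():
    """Constructed flow records using documentation address ranges."""
    flows = []
    # Host polling one destination roughly every 300 s with small jitter.
    jitter = [0, 2, -3, 1, 4, -2, 0, 3, -1, 2, -4, 1]
    flows += [(1000 + 300 * i + j, "10.0.0.5", "203.0.113.10")
              for i, j in enumerate(jitter)]
    # Host with bursty, human-looking browsing to another destination.
    browse = [1000, 1012, 1019, 1400, 1405, 2900, 2950, 3600, 3604, 4100]
    flows += [(t, "10.0.0.7", "198.51.100.20") for t in browse]
    # Periodic but with too few events to draw a conclusion.
    flows += [(t, "10.0.0.9", "203.0.113.10") for t in (1000, 1300, 1600)]
    return flows


if __name__ == "__main__":
    for hit in find_beacon_candidates(sample_flows()):
        print(hit)
```

Regular intervals are only a lead: update checks, time synchronisation and monitoring agents also poll on a schedule, so a flagged pair narrows the search rather than confirming a compromise.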
Data analytics is now the only way to monitor network traffic, according to James Fellows, CTO at Coventry Building Society. This is because not only have threats changed, but what “normal” looks like has also changed significantly.
“During the epidemic, a significant portion of our consumers switched to online shopping; therefore, we are adjusting to new payments constantly leaving their accounts,” he says.
They have to become used to a lot more atypical behaviour because many of their workers work flexibly from home and at different hours of the day. For example, someone might log on in the evening. By feeding data into analytics programmes, they can identify patterns that may require more investigation. For example, they might need to call the person in question to confirm that it was actually them who logged on.
That kind of security just cannot be achieved without employing analytics to pinpoint the areas that require additional verification.
Why AI is useful
In order to begin constructing a picture of what typical traffic looks like for the millions of interactions that flash over the networks of the ordinary organisation every day, data analytics needs strong AI and machine learning technologies. In his lectures on cyber security for the industry’s SANS Institute, David Hoelzer, director of research at Enclave Forensics, estimates that about half of the attendees have a background in data.
“Currently, roughly half of my students are data scientists who want to learn more about how to use data to improve cybersecurity within their organisations,” according to the professor.
Humans simply cannot sift through millions of data points in the hopes of discovering new infections, so the industry is heading to a point where data analytics are like a triage system that identifies areas of concern.
The issue is that industry suppliers have been overpromising for many years, claiming they can identify hidden problems before they become a cyber danger. As a result, many people may be excused for thinking they already have this coverage or for not believing what they are being told.
The danger, according to Hoelzer, is that investment may be halted just when data analytics, AI, and machine learning tools are about to reach a stage of development where they may successfully direct people to areas of anomalous activity on networks. This would be a mistake given the ability of data and analytics to concentrate the hunt for malicious actors on networks.
Particularly in the area of cybersecurity, it would be a step backwards because, according to Ryan Sheldrake, the next wave of innovation would advance corporate defences to the point where abnormalities are not only identified but also rectified.
“We’re getting to the stage where AI won’t just be able to employ data analytics to send security staff in the direction of suspicious activities,” the expert claims.
The following step will involve using the data to identify and then resolve any problems. These self-healing devices will be able to identify problems and make repairs immediately.
That is the ultimate goal of data and analytics in combating cybercrime. Currently, they can be used to reduce the noise of network data to show where malware and bad actors may be lurking. In the future, they will be used to investigate abnormalities and then report back to security employees when an issue has been found and fixed.