Viewing offline content

Limited functionality available

Dismiss
United States
  • Services

    What's New

    • The Ripple Effect

      Real-world client stories of purpose and impact

    • Register for Dbriefs webcasts

    • We Are Deloitte

      Reimagining how we support our people

    • Tax

      • Mobility and Payroll
      • Reward, Employment Tax, and Equity Compensation Plans
      • Workforce, Technology, and Analytics
      • Tax Services
    • Consulting

      • Core Business Operations
      • Customer & Marketing
      • Enterprise Technology & Performance
      • Human Capital
      • Strategy & Analytics
    • Audit & Assurance

      • Audit Innovation
      • Accounting Standards
      • Accounting Events & Transactions
    • Deloitte Private

    • Mergers & Acquisitions

      • Total M&A Solution
      • Post-merger Integration
      • Divestiture & Separation
    • Risk & Financial Advisory

      • Accounting & Internal Controls
      • Cyber & Strategic Risk
      • Regulatory & Legal
      • Transactions and M&A
    • AI & Analytics

    • Cloud

    • Diversity, Equity & Inclusion

  • Industries

    What's New

    • The Ripple Effect

      Real-world client stories of purpose and impact

    • Register for Dbriefs webcasts

    • Industry Outlooks

      Key opportunities, trends, and challenges

    • Consumer

      • Automotive
      • Consumer Products
      • Retail, Wholesale & Distribution
      • Transportation, Hospitality & Services
    • Energy, Resources & Industrials

      • Industrial Products & Construction
      • Mining & Metals
      • Oil, Gas & Chemicals
      • Power, Utilities & Renewables
    • Financial Services

      • Banking & Capital Markets
      • Insurance
      • Investment Management
      • Real Estate
    • Government & Public Services

      • Defense, Security & Justice
      • Federal health
      • Civil
      • State & Local
      • Higher Education
    • Life Sciences & Health Care

      • Health Care
      • Life Sciences
    • Technology, Media & Telecommunications

      • Technology
      • Telecommunications, Media & Entertainment
  • Insights

    Deloitte Insights

    What's New

    • Deloitte Insights Magazine

      Explore the latest issue now

    • Deloitte Insights app

      Go straight to smart with daily updates on your mobile device

    • Weekly economic update

      See what's happening this week and the impact on your business

    • Strategy

      • Business Strategy & Growth
      • Digital Transformation
      • Governance & Board
      • Innovation
      • Marketing & Sales
      • Private Enterprise
    • Economy & Society

      • Economy
      • Environmental, Social, & Governance
      • Health Equity
      • Trust
      • Mobility
    • Organization

      • Operations
      • Finance & Tax
      • Risk & Regulation
      • Supply Chain
      • Smart Manufacturing
    • People

      • Leadership
      • Talent & Work
      • Diversity, Equity, & Inclusion
    • Technology

      • Data & Analytics
      • Emerging Technologies
      • Technology Management
    • Industries

      • Consumer
      • Energy, Resources, & Industrials
      • Financial Services
      • Government & Public Services
      • Life Sciences & Health Care
      • Technology, Media, & Telecommunications
    • Spotlight

      • Deloitte Insights Magazine
      • Press Room Podcasts
      • Weekly Economic Update
      • COVID-19
      • Resilience
  • Careers

    What's New

    • Our Purpose

      Exceptional organizations are led by a purpose. At Deloitte, our purpose is to make an impact that matters by creating trust and confidence in a more equitable society.

    • We Are Deloitte

      Reimagining how we support our people

    • The Deloitte University Experience

      Explore Deloitte University like never before through a cinematic movie trailer and films of popular locations throughout Deloitte University.

    • Careers

      • Audit & Assurance
      • Consulting
      • Risk & Financial Advisory
      • Tax
      • Internal Services
      • US Delivery Center
    • Students

      • Undergraduate
      • Advanced Degree
      • Internships
    • Experienced Professionals

      • Additional Opportunities
      • Veterans
      • Industries
      • Executives
    • Job Search

      • Entry Level Jobs
      • Experienced Professional Jobs
      • Recruiting Tips
      • Explore Your Fit
      • Labor Condition Applications
    • Life at Deloitte

      • Life at Deloitte Blog
      • Meet Our People
      • Diversity, Equity, & Inclusion
      • Corporate Citizenship
      • Leadership Development
      • Empowered Well-Being
      • Deloitte University
    • Alumni Relations

      • Update Your Information
      • Events
      • Career Development Support
      • Marketplace Jobs Dashboard
      • Alumni Resources
  • US-EN Location: United States-English  
  • Contact us
  • US-EN Location: United States-English  
  • Contact us
    • Dashboard
    • Saved items
    • Content feed
    • Subscriptions
    • Profile/Interests
    • Account settings

Welcome back

Still not a member? Join My Deloitte

The future of cybersecurity

by Tom Davenport, Adnan Amjad
  • Save for later
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email
Deloitte Insights
  • Strategy
    Strategy
    Strategy
    • Business Strategy & Growth
    • Digital Transformation
    • Governance & Board
    • Innovation
    • Marketing & Sales
    • Private Enterprise
  • Economy & Society
    Economy & Society
    Economy & Society
    • Economy
    • Environmental, Social, & Governance
    • Health Equity
    • Trust
    • Mobility
  • Organization
    Organization
    Organization
    • Operations
    • Finance & Tax
    • Risk & Regulation
    • Supply Chain
    • Smart Manufacturing
  • People
    People
    People
    • Leadership
    • Talent & Work
    • Diversity, Equity, & Inclusion
  • Technology
    Technology
    Technology
    • Data & Analytics
    • Emerging Technologies
    • Technology Management
  • Industries
    Industries
    Industries
    • Consumer
    • Energy, Resources, & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Tech, Media, & Telecom
  • Spotlight
    Spotlight
    Spotlight
    • Deloitte Insights Magazine
    • Press Room Podcasts
    • Weekly Economic Update
    • COVID-19
    • Resilience
    • US-EN Location: United States-English  
    • Contact us
      • Dashboard
      • Saved items
      • Content feed
      • Subscriptions
      • Profile/Interests
      • Account settings
    26 September 2016

    The future of cybersecurity Analytics and automation are the next frontier

    26 September 2016
    • Tom Davenport United States
    • Adnan Amjad United States
    • Save for later
    • Share
      • Share on Facebook
      • Share on Twitter
      • Share on Linkedin
      • Share by email

    Cyber threats are growing in number and strength and the future of cybersecurity is looking ever more complex and challenging. Organizations are therefore turning to analytics and automation to aid cyber specialists in their job.

    While cybersecurity can be a complex and challenging field, some aspects of it are all too clear. The number of threats to large organizations is growing rapidly, as is the number of bad actors who create them and the number of systems at risk from cyberattacks. Statista, a statistics portal, estimates that there are 22.9 billion connected devices in 2016, and predicts they will grow to 50 billion by 2020.1 The Internet of Things (IoT) will create massive needs and problems for cybersecurity as millions of devices come online. Data breaches are increasing, according to one report, by 85 percent a year, and in 2016, half a billion personal records were stolen or lost.2 How can organizations possibly keep up with such a scary growth trajectory?

    In other domains of business that are subject to massive numbers of entities, a typical approach is to employ analytics and automation. These tools identify the most important events and entities. In customer analytics, for example, the normal approach is to segment customers by their value, focus on the most important ones, and predict what those customers are likely to buy. Automated offers can be customized to each customer’s preferences.

    The same technologies can rescue cybersecurity from its growing problems. There are not enough cyber specialists in organizations to deal with the number of threats today, and the imbalance will likely become much worse. Cybersecurity is too often reactive to hacks and breaches, with actions only taken after (sometimes long after) a problem has occurred. The technology most commonly used to address cyberattacks employs “threat signatures” based on patterns of previous attacks. But these approaches are of limited value in preventing new types of attacks.

    A promising solution is to employ analytics to predict and screen threats and to take some automated corrective actions. Given the sensitivity of cybersecurity issues, there is also no doubt that humans will still be necessary to confirm and investigate threats, particularly when they are internal. But their jobs will be made much easier and more productive with some help from technology.

    The analytical and automated future of cybersecurity is already here, but it’s very unevenly distributed. Academic researchers at Carnegie Mellon, for example, have employed the attributes of web servers (software used, keywords present, and so on) as variables to predict how likely a server is to be hacked.3 Their model successfully predicted 66 percent of future hacks, with a 17 percent false positive rate. This sort of predictive power would allow organizations to focus security efforts on the technology environments most likely to be targeted.

    Other predictive and real-time approaches are beginning to emerge from software vendors. The same software and modeling approaches used to identify credit card fraud—a form of anomaly detection—are being applied to behaviors in cybersecurity attacks.4 These approaches can identify emerging anomalies much faster than using threat signatures, and may be able to prevent substantial breaches before they occur.

    If the current frontier of cybersecurity is predictive analytics, the next one involves automated actions. A recently concluded DARPA (Defense Advanced Research Projects Agency) competition asked developers to submit automated programs for detecting attacks and intrusions, identifying flaws, and fixing them, all without human intervention.5 The competition (and two million dollars) was won by a Carnegie Mellon spinout called ForAllSecure, although their autonomous system later finished last in a contest with human cybersecurity analysts. But as with other autonomous software, automated cybersecurity solutions are expected to get better over time.

    Of course, technology will never solve all cybersecurity problems. Some automated actions can be undertaken; but in many cases, organizations will want to investigate problems identified by analytics before taking corrective action. The investigation requires research, testing, and perhaps even interviews for internal threats—all of which involve human experts. This means that the most effective cybersecurity environments will be complex hybrids of human and machine intelligence, and that the handoffs between automated and analytics-driven alerts and human interventions will be extremely important for effective security.

    It will also require a well-defined process for identifying, screening, and acting on threats that clearly defines roles for smart machines and capable humans. The process must not only identify and qualify threats, but also take rapid action on them. That's not easy with an overwhelming number of threats, but analytics-based prioritization can help.

    We are not describing a future scenario, but rather the early stages of a present one. Organizations in both public and private sectors today are using analytics and—to a lesser degree—automation to improve their cybersecurity programs. There may be some doubt about when such technical capabilities will be fully mature, but let there be none about their necessity and the likelihood of their adoption.

    Credits

    Written By: Tom Davenport, Adnan Amjad

    Cover image by: David Owens

    Endnotes
      1. Statista, “Internet of Things (IoT): Number of connected devices worldwide from 2012 to 2020 (in billions),” https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/, accessed September 22, 2016. View in article

      2. Symantec, “2016 Internet security threat report,” https://www.symantec.com/security-center/threat-report, accessed September 22, 2016. View in article

      3. Patrick Howell O’Neill, “Carnegie Mellon researchers create big data tool to predict cyberattacks,” The Daily Dot, August 21, 2014, http://www.dailydot.com/debug/website-hack-prediction-big-data-carnegie-mellon/. View in article

      4. Fico, Detecting attacks before they happen: Advanced technologies for better cyber attack defense, http://www.fico.com/en/latest-thinking/white-papers/detecting-attacks-before-they-happen, accessed, September 20, 2016. View in article

      5. Kenneth Chang, “Automating cybersecurity,” New York Times, June 2, 2014, http://www.nytimes.com/2014/06/03/science/automating-cybersecurity.html?_r=0. View in article

    Show moreShow less

    Topics in this article

    Analytics , Technology Industry , Cyber risk , Cognitive technologies

    Deloitte Analytics

    View
    Download Subscribe

    Related

    img Trending

    Interactive 3 days ago

    Tom Davenport

    Tom Davenport

    Tom Davenport is the President’s Distinguished Professor of Information Technology and Management at Babson College, the co-founder of the International Institute for Analytics, a Fellow of the MIT Center for Digital Business. He is an independent senior advisor to Deloitte Analytics, Deloitte Consulting LLP. He collaborates with Deloitte thought leaders on all things related to business analytics, from the potential of cognitive technologies to industry-focused explorations and outcomes. Covering topics from emerging technologies to innovative business applications, Tom's Deloitte University Press series reveals leading-edge thinking on analytics and cognitive technology. Connect with Tom on LinkedIn and Twitter. 

    • insights@deloitte.com
    Adnan Amjad

    Adnan Amjad

    Partner | Deloitte Risk & Financial Advisory

    Adnan is a partner in Deloitte Risk & Financial Advisory (R&FA), where he leads the Managed Services & Products business. In this role, Adnan is responsible for driving the development and implementation of MS&P’s overall business strategy and revenue target goals. Adnan’s strategic charter is to align the overall business objectives with R&FA’s financial and operational goals. His mission is to develop capabilities and technology assets that support advise, implement, and operate solutions designed to serve the distinct needs of clients. Prior to joining Deloitte, Adnan served as vice president for an energy technology and services company where he was responsible for software product management and engineering.

    • aamjad@deloitte.com
    • +1 713 982 4825

    Share article highlights

    See something interesting? Simply select text and choose how to share it:

    Email a customized link that shows your highlighted text.
    Copy a customized link that shows your highlighted text.
    Copy your highlighted text.

    The future of cybersecurity has been saved

    The future of cybersecurity has been removed

    An Article Titled The future of cybersecurity already exists in Saved items

    Invalid special characters found 
    Forgot password

    To stay logged in, change your functional cookie settings.

    OR

    Social login not available on Microsoft Edge browser at this time.

    Connect Accounts

    Connect your social accounts

    This is the first time you have logged in with a social network.

    You have previously logged in with a different account. To link your accounts, please re-authenticate.

    Log in with an existing social network:

    To connect with your existing account, please enter your password:

    OR

    Log in with an existing site account:

    To connect with your existing account, please enter your password:

    Forgot password

    Subscribe

    to receive more business insights, analysis, and perspectives from Deloitte Insights
    ✓ Link copied to clipboard
    • Contact us
    • Search jobs
    • Submit RFP
    • Subscribe to Deloitte Insights
    Follow Deloitte Insights:
    Global office directory US office locations
    US-EN Location: United States-English  
    About Deloitte
    • About Deloitte
    • Client stories
    • My Deloitte
    • Deloitte Insights
    • Email subscriptions
    • Press releases
    • Submit RFP
    • US office locations
    • Alumni
    • Global office directory
    • Newsroom
    • Dbriefs webcasts
    • Contact us
    Services
    • Tax
    • Consulting
    • Audit & Assurance
    • Deloitte Private
    • Mergers & Acquisitions
    • Risk & Financial Advisory
    • AI & Analytics
    • Cloud
    • Diversity, Equity & Inclusion
    Industries
    • Consumer
    • Energy, Resources & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Technology, Media & Telecommunications
    Careers
    • Careers
    • Students
    • Experienced Professionals
    • Job Search
    • Life at Deloitte
    • Alumni Relations
    • About Deloitte
    • Terms of Use
    • Privacy
    • Privacy Shield
    • Cookies
    • Cookie Settings
    • Legal Information for Job Seekers
    • Labor Condition Applications
    • Do Not Sell My Personal Information

    © 2022. See Terms of Use for more information.

    Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

    Learn more about Deloitte's work for the US Olympic Committee