Cybersecurity: Seeing the organization through the enemy’s eyes
Short takes...on Analytics
A blog by Timothy Li, director, Deloitte & Touche LLP and Vishal Kapur, principal, Deloitte Consulting LLP
Today’s public and private sector organizations continue to grapple with the devastating results of cyber attacks. Growing in sophistication and with no signs of slowing down, cybersecurity threats come with a hefty price tag. Estimates on the cost of cyber crime to business range from $400 billion annually¹ in 2015 to an anticipated $2.1 trillion by 2019.²
With so much at stake, the United States federal government has increased its commitment to thwarting cyber crime, including $19 billion in Federal resources for cybersecurity.³
Cybersecurity table stakes: Are you there yet?
In the wake of cyber breaches, the call for stronger security measures grows louder. To make progress, private and public sector organizations should consider sharing and leveraging strategies that work.
Businesses and agencies across sectors and industries should consider the multi-pronged approach recommended by the federal government, which includes:
- Coordinating and sharing relevant information on threats among and across agencies or departments
- Leveraging data monitoring and predictive analytics capabilities to both prevent and counter attacks
- Increasing security staffing and training at all levels of the organization
- Updating networks that control critical infrastructure⁴
Cybersecurity as a big data analytics problem
But that’s not where a proactive strategy against cyber crime should end. Mature organizations are looking to adopt a ‘big data analytics’ mindset to cybersecurity: combining large volumes of disparate structured and unstructured data, such as application logs, usage patterns, network traffic, personnel records and network intrusion logs.
Using advanced visualization and predictive analytics techniques, organizations can build a sustainable platform to reveal relationships within these disparate data sets in real time and begin to detect patterns, identify anomalies and trigger alerts for suspicious connections that foreshadow a potential attack. Using predictive analytics to evaluate the network from an adversary’s perspective can not only help organizations address cyber threats offensively, but can also provide valuable clues to help structure a better defense long-term.
Raising the bar: Think like your adversary
Building upon the data analytics foundation, organizations can start to envision potential vulnerabilities from the attacker’s viewpoint. Examining the organization from the outside-in can provide valuable intelligence about potential cyber threats.
The goal is to answer the kinds of questions that cyber enemies will be asking themselves:
- What data is the most valuable? What’s the easiest way to access it?
- How is the network structured?
- Who has access?
- Where are the weakest links?
- What safeguards are already in place, and how can they be defeated?
Taking an outside-in look at the cyber landscape from the attacker’s perspective can help organizations identify and address potential weaknesses, vulnerabilities, and points of exposure while highlighting any unusual activity. Using analytics to predict how and where attackers are likely to strike is like holding a mirror to the organization, depicting the infrastructure, people, technology, and alliances the way a potential attacker sees them. Having this insight places the mind of the attacker within the confines of the organization, where patterns can be detected and corrective action taken when it matters most: before a breach occurs.
Putting cybersecurity to the test
From increasing coordination among agencies and departments to employing cyber reconnaissance tactics to learn how the enemy thinks, today’s organizations can monitor their would-be attackers on multiple fronts to help prevent breaches and reduce the risk of future attacks:
- Review the environment from an external (attacker’s) perspective to identify weaknesses, vulnerabilities, and likely exploitation
- Provide a non-intrusive examination of an organization’s cyber profile to identify the range of tactics, tools, and techniques that are leveraged to gain entry and persist in the enterprise
- Complement inspections of the internal cyber enterprise by visualizing the enterprise from an outside-in perspective
- Identify anomalous activity commonly hidden within the “noise” of the enterprise
- Increase awareness of attackers targeting the organization
What’s ahead for analytics and cybersecurity? Applying sophisticated technologies and methods to help interpret and defeat the tactics of cyber attackers can change the evolving cybersecurity landscape and take a bite out of the escalating cost of cyber crime.
3 The President’s Budget for Fiscal Year 2017. https://www.whitehouse.gov/omb/budget
4 Wall Street Journal, February 9, 2016. http://www.wsj.com/articles/white-house-proposes-new-cybersecurity-plan-1455012003