The future of cybersecurity
Analytics and automation are the next frontier
Cyber threats are growing in number and strength and the future of cybersecurity is looking ever more complex and challenging. Organizations are therefore turning to analytics and automation to aid cyber specialists in their job.
While cybersecurity can be a complex and challenging field, some aspects of it are all too clear. The number of threats to large organizations is growing rapidly, as is the number of bad actors who create them and the number of systems at risk from cyberattacks. Statista, a statistics portal, estimates that there are 22.9 billion connected devices in 2016, and predicts they will grow to 50 billion by 2020.[1] The Internet of Things (IoT) will create massive needs and problems for cybersecurity as millions of devices come online. Data breaches are increasing, according to one report, by 85 percent a year, and in 2016, half a billion personal records were stolen or lost.[2] How can organizations possibly keep up with such a scary growth trajectory?
In other domains of business that are subject to massive numbers of entities, a typical approach is to employ analytics and automation. These tools identify the most important events and entities. In customer analytics, for example, the normal approach is to segment customers by their value, focus on the most important ones, and predict what those customers are likely to buy. Automated offers can be customized to each customer’s preferences.
The same technologies can rescue cybersecurity from its growing problems. There are not enough cyber specialists in organizations to deal with the number of threats today, and the imbalance will likely become much worse. Cybersecurity is too often reactive to hacks and breaches, with actions only taken after (sometimes long after) a problem has occurred. The technology most commonly used to address cyberattacks employs “threat signatures” based on patterns of previous attacks. But these approaches are of limited value in preventing new types of attacks.
A promising solution is to employ analytics to predict and screen threats and to take some automated corrective actions. Given the sensitivity of cybersecurity issues, there is also no doubt that humans will still be necessary to confirm and investigate threats, particularly when they are internal. But their jobs will be made much easier and more productive with some help from technology.
The analytical and automated future of cybersecurity is already here, but it’s very unevenly distributed. Academic researchers at Carnegie Mellon, for example, have employed the attributes of web servers (software used, keywords present, and so on) as variables to predict how likely a server is to be hacked.[3] Their model successfully predicted 66 percent of future hacks, with a 17 percent false positive rate. This sort of predictive power would allow organizations to focus security efforts on the technology environments most likely to be targeted.
Other predictive and real-time approaches are beginning to emerge from software vendors. The same software and modeling approaches used to identify credit card fraud—a form of anomaly detection—are being applied to behaviors in cybersecurity attacks.[4] These approaches can identify emerging anomalies much faster than using threat signatures, and may be able to prevent substantial breaches before they occur.
If the current frontier of cybersecurity is predictive analytics, the next one involves automated actions. A recently concluded DARPA (Defense Advanced Research Projects Agency) competition asked developers to submit automated programs for detecting attacks and intrusions, identifying flaws, and fixing them, all without human intervention.[5] The competition (and two million dollars) was won by a Carnegie Mellon spinout called ForAllSecure, although their autonomous system later finished last in a contest with human cybersecurity analysts. But as with other autonomous software, automated cybersecurity solutions are expected to get better over time.
Of course, technology will never solve all cybersecurity problems. Some automated actions can be undertaken; but in many cases, organizations will want to investigate problems identified by analytics before taking corrective action. The investigation requires research, testing, and perhaps even interviews for internal threats—all of which involve human experts. This means that the most effective cybersecurity environments will be complex hybrids of human and machine intelligence, and that the handoffs between automated and analytics-driven alerts and human interventions will be extremely important for effective security.
Effective security will also require a well-defined process for identifying, screening, and acting on threats, one that clearly defines roles for smart machines and capable humans. The process must not only identify and qualify threats, but also take rapid action on them. That's not easy with an overwhelming number of threats, but analytics-based prioritization can help.
We are not describing a future scenario, but rather the early stages of a present one. Organizations in both public and private sectors today are using analytics and—to a lesser degree—automation to improve their cybersecurity programs. There may be some doubt about when such technical capabilities will be fully mature, but let there be none about their necessity and the likelihood of their adoption.
Written By: Tom Davenport, Adnan Amjad
* This article was originally published by Deloitte University Press on September 26, 2016.
Associate Director (Pre-Sales) at Tata Communications
(8 years ago) The organizations are looking at 'what is needed?' and 'what can be afforded?'. This was predicted in a Gartner report. In reactive methods, detection and response mechanisms should improve, and in proactive methods, AI should be used. This article tells about using analytics and automation technologies to predict the attacks. This is a good addition of information. Thus, automation, analytics and AI will together create foolproof cyber security.
Precision Wellness Coach and Influencer
(8 years ago) Endpoint protection software that can identify zero day attacks, stop them, and capture the malware forensics is a promising aspect of the automation and capable humans model. Digital Immunity has that.
Silicon Valley VCs-Trillion $ Wall Street Hedge Funds-Pentagon Joint Chiefs-Boards-CEOs Leader: MIT-Princeton AI-Quantum Finance Faculty-SME: R&D Impact among AI-Quant Finance Nobel Laureates: NSF-UN HQ Advisor
(8 years ago) "If the current frontier of cyber-security is predictive analytics, the next one involves automated actions." The "next" frontier is already here: in many of the real-world cyber-security and cyber-risk management technologies of offensive and defensive cyber-security that already involve "automated actions" of containing most critical cyber-threats and mitigating cyber-risk. The "next to next" frontier, as in the case of global financial risk management, is already shaping up in the practices of 'anticipatory' offensive and defensive cyber-security risk management. Our original applied research and its global applications in practice applied and recommended by worldwide firms and governments started since mid- to late-1990s on this specific focus with related interviews in business and IT press such as WSJ and CIO. Our recent invited research presentations at conferences such as those sponsored by Princeton University and the Office of the Governor of New York State represent examples of some of the latest real world applications of the "next to next" frontiers of both cyber-risk management and financial risk management.
Independent Information Technology and Services Professional
(8 years ago) To help close the gap between attacker and defender, prototype the use of IBM Watson and cognitive computing in order to anticipate and avoid Cyber attacks by exploiting information sharing of global threat feeds from both industrial and government sources; much expanded horizon for situational awareness and Cyber Intelligence; well correlated metrics on the leading indicators of outcomes, bad actors, and consequences; and detecting cascade triggers capable of triggering butterfly effects. 1. Outcomes include unauthorized access, loss of data, tampering with data, erosion of performance, and denial of service. 2. Bad actors include inadvertent actor, disgruntled employee, hacker, corporate spy, criminal, terrorist, organized crime, and nation state. 3. Consequences include cleanup, lost opportunity, recovery, loss of trust, loss of availability, and loss of privacy.
Manager Infosec GenAI | Masters in Artificial Intelligence | ex-Gojek | ex-BSEIndia | Cloud Security | Secure Code Review | S-SDLC enabler
(8 years ago) With analytics, technology will move towards AI, and with that, technology will become capable enough to take decisions on its own. And yes, analytics and automation will go hand in hand. Great job Tom Davenport.