Why Cybersecurity is a Data Problem
Bernard Marr
Internationally Best-selling #Author | #KeynoteSpeaker | #Futurist | #Business, #Tech & #Strategy Advisor
The SolarWinds hack, first detected in December 2020 and referred to as “the largest and most sophisticated attack the world has ever seen” by the president of Microsoft, was a watershed moment in cybersecurity. Hundreds of organizations, including Fortune 500 companies and government agencies, were affected, with sensitive data compromised. A year on, a major study conducted by Splunk has found that 78% of companies expect the same thing to happen again.
It’s widely acknowledged that the Covid-19 pandemic has exacerbated the problems of information security experts. A major factor is the increased surface area that's open to attacks due to the accelerated rate of digitization that companies are going through. Large workforces working remotely means more connections that must be secured and a greater need for authentication. Both factors mean new vulnerabilities for attackers to probe and potentially exploit.
Data is at the heart of cybersecurity, being both the prize that malicious actors are after, as well as a potent tool for those whose job it is to thwart them. For this reason, security is an essential aspect of any data strategy. This means developing a solid understanding not just of what data your organization has but how it can use data to shore up its defences and prevent itself from becoming one of the growing number of organizations that falls victim to data breaches.
According to Simon Davies, Splunk’s Vice President for the APAC region, cybersecurity has evolved from an IT concern to a business-wide priority that has to be tackled at the executive level. This has been driven by three principal factors – complexity, consistency, and cost.
Particularly at enterprise and mid-level businesses, the complexity of IT infrastructure has increased exponentially as more and more functions undergo digitization. At the same time, when employees increasingly need to connect to a growing number of systems remotely – some of which may in the past have been entirely manual, such as logging working time or interacting with HR departments – there's a growing need for consistency of user experience and access. And, of course, this all has cost implications. For many companies, cost is a motivator when it comes to migrating infrastructure to the cloud, but this migration creates a need to maintain visibility and secure points of contact between cloud and on-premises systems, which doesn’t come for free!
Davies tells me, “With the onset of the pandemic, we saw a rapid acceleration of digitization across industries… but with that came risk. You have a lot less visibility into your security ecosystem, less control over access points and you’re relying heavily on third parties and external service providers to support you. All these factors create more surface area and more risk for security breaches.”
All of this has led to a growing realization that security needs to be considered in the same way as any data initiative. What data do we need to solve the challenge? How do we collect, store and analyze the data? Finally, how do we put the insights into action and learn from our experience – with the aim of automating the process so we can be sure it’s consistently executed in the most effective and least time-consuming and wasteful manner?
Of the 500-plus respondents to Splunk's survey, 84% said their organization had suffered a significant security incident in the past two years, with the largest individual incident type being compromised email security. Data breaches, malware attacks via mobile apps, distributed denial of service (DDoS) attacks, phishing, and ransomware were other incidents that frequently caused issues.
Supply chain vulnerabilities are also seen as a problem; however, a worryingly low 23% say they have reassessed their policies around third-party vendor management in the fallout of the SolarWinds attacks. Undoubtedly this comes down to workloads, which security professionals have seen grow significantly thanks to the factors already covered here.
So how is data critical to cybersecurity? In practice, it fills several functions. Behavioral data – such as the actions and interactions of users on your network – is used to establish levels of "normal" activity, which can then be used to highlight outliers that could be a sign that something odd is going on. If a user is accessing systems or data from an IP that seems to originate in a part of the world where they are not usually operating, it can raise red flags. But as more of us are working remotely and perhaps from different locations than usual, it isn’t always that simple to identify.
Machine learning can be helpful here, as it's able to correlate many different factors and draw up a more accurate picture of which activity is simply unusual and what might constitute a serious threat that requires remedy. And, of course, data is the fuel of machine learning - the more that algorithms know, the more accurate they will be at understanding and classifying behavior.
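The baselining idea described above, as an added illustration (not code from the article or from Splunk): it builds a per-user baseline of countries, devices and login hours from constructed history, then scores new logins on several factors so that a new location on its own does not raise an alert. It uses fixed weights rather than a trained model; the field names, weights and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample history: (user, country, device_id, hour_of_day_utc)
HISTORY = [
    ("alice", "GB", "laptop-1", 9), ("alice", "GB", "laptop-1", 10),
    ("alice", "GB", "phone-1", 18), ("alice", "GB", "laptop-1", 14),
    ("bob", "SG", "laptop-7", 2), ("bob", "SG", "laptop-7", 3),
    ("bob", "SG", "laptop-7", 8),
]

# Assumed weights: no single factor reaches the alert threshold on its own.
WEIGHTS = {"new_country": 0.5, "new_device": 0.3, "odd_hour": 0.2}
ALERT_THRESHOLD = 0.7

def build_baseline(history):
    """Record the countries, devices and login hours seen for each user."""
    baseline = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": []})
    for user, country, device, hour in history:
        b = baseline[user]
        b["countries"].add(country)
        b["devices"].add(device)
        b["hours"].append(hour)
    return baseline

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def score_login(baseline, user, country, device, hour, hour_tolerance=3):
    """Return (score, reasons); a user with no history is scored as fully unknown."""
    if user not in baseline:
        return 1.0, ["no_baseline"]
    b = baseline[user]
    reasons = []
    if country not in b["countries"]:
        reasons.append("new_country")
    if device not in b["devices"]:
        reasons.append("new_device")
    if min(hour_distance(hour, h) for h in b["hours"]) > hour_tolerance:
        reasons.append("odd_hour")
    return round(sum(WEIGHTS[r] for r in reasons), 2), reasons

def is_alert(score):
    """True when the combined score meets the assumed alert threshold."""
    return score >= ALERT_THRESHOLD
```

A known device logging in from a new country scores 0.5 and stays below the threshold, which is the remote-working case the article raises; the same country change combined with an unknown device and an unusual hour scores 1.0.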
Davies tells me, “If you think about the amount of 'digital exhaust' that gets generated by organizations – every login attempt on a website, every interaction on a mobile app – data is being generated. Being able to digest all these data and understand what is going on becomes critical for threat hunters. That’s where machine learning can really assist.”
When companies look to Splunk to help with their data security issues, it employs a framework it calls the Prescriptive Value Pass. Critically, as well as assessing the hardware and software infrastructure to identify vulnerabilities, it also involves a review of the staffing and training infrastructure, which can be just as important.
All of this helps achieve the essential objective of building a comprehensive, 360-degree view of an organization's data, as well as the touchpoints it moves through as it’s copied and pasted across an increasing number of business functions by companies working towards holistic, heterogeneous data strategies.
You can read Splunk’s full report into The State of Cyber Security in 2021 here. You will also get the chance to hear more from Simon Davies and many other speakers (including Star Wars legend Mark Hamill!) at .conf, taking place from October 19 to October 21.
Thank you for reading my post. Here at LinkedIn and at Forbes I regularly write about management and technology trends. To read my future posts simply join my network here or click 'Follow'. Also feel free to connect with me via Twitter, Facebook, Instagram, Slideshare or YouTube.
About Bernard Marr
Bernard Marr is a world-renowned futurist, influencer and thought leader in the field of business and technology. He is the author of 18 best-selling books, writes a regular column for Forbes and advises and coaches many of the world’s best-known organisations. He has over 2 million social media followers and was ranked by LinkedIn as one of the top 5 business influencers in the world and the No 1 influencer in the UK.
Systems need to be designed to be fast, scalable and at a practical cost. IMHO relying on ML is simply not feasible as ML does not lend itself to security telemetry very well at this current time (it will eventually). TTD should not take hours, it should be seconds across petabytes, and all logs should be sent to a system, context is king.
Senior Accounts Officer at Al-Abbas Sugar Mills Limited
3y Bernard, good research by you, thanks for updating us
Cybersecurity & Data Privacy Associate, CIPP/US
3y Using data to protect data! Love it!!
Compliance Officer @Preteco | CRMA- CCSA (IIA), CEC / IFCA -Board member @IAIA, @AAEC, @IGEP, @EMPREAR
3y Brilliant!
Award-Winning B2B Tech PR + Marketing Leader, AZK Media | Executive Board, Global AI Ethics Institute | Former Journalist | Amplify your message to prospects and press|
3y Very true - many cyber crimes are closely connected to breaches in confidential data - how safe is your data?