The Information Security Forum (ISF) has released a report that claims ‘big data’ analytics has the potential to cut the growing number of cyber security risks and increase business agility. The trade body says in the research entitled ‘Data Analytics for Information Security – From Hindsight to Insight’ that the ability to use big computing power to examine trends, consumer and employee usage patterns across media and powerful analytics to quickly predict suspicious activity earlier than is presently possible, could dramatically improve information security in the future.
According to the ISF report, with data volumes growing at an alarming rate of around 2.5 million terabytes every day, the importance of big data analytics has never been greater. With its ability to comprehensively analyse large volumes of disparate and complex data, such as threats, risks and incidents, data analytics software and tools can help senior and board level executives better understand and manage their risk/reward balance in cyberspace. Such insight can lead to improved information security, greater organisational agility and better ‘cyber resilience’, says the ISF.
Yet despite the huge potential for big data analytics in information security, it is still immature and massively under-used reckons the trade body. Only half of organisations surveyed by the ISF are using some form of analytics for fraud prevention, forensics and network traffic analysis, while less than 20 per cent are using it to identify information related to subject matter requests, predict hardware failures, ensure data integrity or check data classification.
“Few organisations currently recognise the benefits for information security, yet many are already using data analytics to support their core business,” according to the chief executive at ISF, Michael de Crespigny. “With the speed and complexity of the threat landscape constantly evolving and the prevalence of combined threats, organisations need to start moving away from being retrospective and reactive towards being proactive and preventative.”
Rather than drowning in data, the ISF believes that information security functions can gain a holistic, in-depth view of risks, both internal and external, and also tap into existing analytical capabilities like fraud detection and anti-money laundering (AML) in financial services.
De Crespigny adds: “We recognise the inherent challenges of analysing big data – the huge data sets and the need for high performance computing and specialised tools – plus the really valuable insights are often buried in large volumes of results. But we also believe it’s manageable and that there are tools, solutions and services out there designed to help meet these challenges and enable businesses to see results very quickly.”