Manage Learn to apply best practices and optimize your operations.

Businesses are out of excuses on cyber security analytics

Major data breaches keep happening, even though businesses have security analytics tools available to them that could put a stop to the problem.

This article can also be found in the Premium Editorial Download: Business Information: A glimpse into the future reveals business apps in the cloud:

The recent spate of high-profile data breaches is a good reminder that the vast amounts of data that businesses store continues to be unsecured. Breaches have become a fact of life, and most businesses' response to the problem has been insufficient.

It doesn't have to be this way. Cybersecurity analytics has the potential to cut down on data breaches and limit the amount of valuable data hackers are able to abscond with. All it will take is a relatively small investment on the part of businesses that store data.

The matter is not trivial. The recent breach at Anthem Inc., the country's second-largest health insurance company, exposed the names, birthdates, addresses, Social Security numbers and healthcare ID numbers of potentially tens of millions of members -- everything fraudsters needs to do their work. This news was followed up by Kaspersky Lab's announcement that Russian hackers stole at least $1 billion from global banks. These two events came to light over the course of 10 days, a pace the global economy cannot sustain.

There is no way to keep every hacker out of a network, but there are ways to keep an eye on them once they're in. This is where analytics comes in. By logging and analyzing network data, organizations can identify anomalous activity and stop intruders from leaving behind malware or other malicious code that could be used in a hack.

In terms of the analytics involved, securing a network is relatively simple. Yet not enough businesses have invested in this area. This may be changing, as Forrester has predicted that information security budgets will increase during 2015 and security analytics will be central to businesses' plans. But the fact that breaches keep happening shows how far organizations need to go to catch up.

There is no way to keep every hacker out of a network, but there are ways to keep an eye on them once they're in.

It's hard not to see the current state of cybersecurity as a case of misplaced priorities. Jeff Hammerbacher, the former chief research scientist at Facebook, famously told Bloomberg Businessweek that "The best minds of my generation are thinking about how to make people click on ads. That sucks."

He's right. There's nothing sexy about making it harder for hackers to take advantage of network vulnerabilities. But if you can develop an algorithm that predicts email subject lines that will get customers to open the message and click on a link, you're a rock star. The focus among data scientists and businesses' analytics teams is on generating revenue, even at the expense of other potentially important disciplines.

Part of the problem is that it's hard to prove the return on investment from security analytics. You can't demonstrate to the CEO or the CFO how much money hackers might have stolen from you had you not acted, so it's difficult to make the case.

But looking at the aggregate is clarifying. Forrester estimates that in 2012, breaches cost the global economy $11.27 billion. That number has likely grown in recent years. That number also doesn't address the issue of reputational harm that comes from customers not trusting you with their data after you experience a breach.

Cybersecurity analytics isn't particularly challenging from a technical perspective, it can save businesses billions and it's the right thing to do for customers. Businesses are out of excuses.

Next Steps

Security analytics to experience widespread adoption by 2016

Prove your knowledge of security analytics

Five security analytics reports to run daily

Cybersecurity analytics, information security monitoring for the digital age

This was last published in February 2015

PRO+

Content

Find more PRO+ content and other member only offers, here.

Essential Guide

Trend watch: Data management and business intelligence technologies

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Are you planning to utilize cybersecurity analytics?
Cancel
When enterprises dismiss security analytics based on its vague ROI, what message are they sending to customers who stand to have their personal information exposed?
Cancel
"Cyber security analytics isn't particularly challenging from a technical perspective" <- this is the dumbest thing I've seen in print for the entire last month [sorry, cannot resist!]
Cancel

-ADS BY GOOGLE

SearchDataManagement

SearchAWS

SearchContentManagement

SearchCRM

SearchOracle

SearchSAP

SearchSQLServer

SearchSalesforce

Close