In many ways, fighting cybercrime is a lot like playing “Whack-A-Mole,” the ever-popular arcade game. For every threat that is discovered and dealt with, a new one (or several new threats) pops up elsewhere. It’s an ongoing battle to try to stay one step ahead of cybercriminals and prevent them from doing their devious deeds, and one that doesn’t show any signs of abating.
While we have undoubtedly come a very long way in the fight against cybercrime and developed an impressive array of technological tools that stop hackers in their tracks, there is a growing sentiment that we need to do even more to stop the bad guys, and that success may not come in the form of new software. Rather, the view is gaining ground that the key to cybersecurity and fighting cybercrime actually lies in data science.
What Is Data Science?
While the idea of extracting information and insights from data isn’t necessarily a new one, the idea of data science as an independent discipline is. The term “data science” goes back to the 1970s, but at that time, it was often used interchangeably with computer science and referred primarily to the use of computers as a means of collecting and analyzing data. Over the next two decades, the field grew to encompass a wider range of analytical techniques and applications, but it’s really only been within the last decade that the field has truly gained momentum, in concert with the concept of big data.
With that in mind, data science today refers to the use of multiple processes and systems to learn more from collected information. The study of data science draws on concepts from statistics, mathematics, pattern recognition and learning, machine learning, probability models, algorithm development, and more, and the field has grown to include degree programs, academic journals, and more. In a typical cycle, raw data is collected, processed, analyzed, interpreted via algorithms and models, and finally reported on for the purpose of making recommendations and producing what’s known as the “data product.”
Using Data in Cybersecurity
So how does this “data product” play into cybersecurity?
The idea of using data for security began in the banking industry. British bank RSA pioneered the concept of data science for security when it began using machine learning to identify possible fraud cases. At the risk of oversimplifying the process, the RSA system used big data to identify 20 different fraud factors, specific combinations based on 150 fraud risk features. Whenever a customer initiates a transaction, the features of that transaction are compared against the different combinations to produce a score indicating the likelihood of the transaction being fraudulent. By comparing the score to existing patterns of fraudulent activity, security teams can identify and stop fraud before it happens.
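The scoring flow described above, as an added example that is not part of the original article and not any vendor's code: each fraud factor is a combination of transaction features, matched factors add weight to a score, and the score is compared with a threshold. The three factors, six features, weights, threshold and the choice to hold transactions with missing features are all constructed assumptions, far smaller than the 20 factors and 150 features the article mentions.

```python
# Added illustration: feature names, factors, weights and the threshold are
# constructed assumptions, not RSA's or any real fraud system's model.
# Each factor = (name, weight, predicates); it matches only when every
# predicate over the transaction's features is true.
FACTORS = [
    ("new_device_high_value", 40,
     [lambda t: not t["device_known"], lambda t: t["amount"] > 1000]),
    ("foreign_ip_new_payee", 35,
     [lambda t: t["ip_country"] != t["home_country"],
      lambda t: t["payee_age_days"] < 1]),
    ("rapid_repeat", 25, [lambda t: t["txns_last_hour"] >= 5]),
]
REVIEW_THRESHOLD = 60  # assumed cut-off

def score_transaction(txn):
    """Return (score, matched_factors, unevaluated_factors)."""
    score, matched, unevaluated = 0, [], []
    for name, weight, predicates in FACTORS:
        try:
            hit = all(p(txn) for p in predicates)
        except KeyError:
            # A missing feature is reported, not silently treated as benign.
            unevaluated.append(name)
            continue
        if hit:
            score += weight
            matched.append(name)
    return score, matched, unevaluated

def triage(txn):
    """Hold when the score crosses the threshold or features are missing."""
    score, matched, unevaluated = score_transaction(txn)
    hold = score >= REVIEW_THRESHOLD or bool(unevaluated)
    return {"id": txn["id"], "score": score, "matched": matched,
            "unevaluated": unevaluated,
            "action": "hold_for_review" if hold else "allow"}

# Constructed sample transactions (t3 lacks several features on purpose).
SAMPLE = [
    {"id": "t1", "device_known": True, "amount": 42.0, "ip_country": "GB",
     "home_country": "GB", "payee_age_days": 400, "txns_last_hour": 1},
    {"id": "t2", "device_known": False, "amount": 2500.0, "ip_country": "RO",
     "home_country": "GB", "payee_age_days": 0, "txns_last_hour": 2},
    {"id": "t3", "device_known": True, "amount": 10.0, "txns_last_hour": 6},
]

if __name__ == "__main__":
    for txn in SAMPLE:
        print(triage(txn))
```

Returning the matched and unevaluated factor names alongside the score lets an analyst see why a transaction was held, not just that it was.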
This same concept is extending to overall cybersecurity, with security teams analyzing network data against known patterns and using algorithms to identify suspicious patterns of behavior. In fact, this form of security has so much potential that the National Institute of Standards and Technology has even developed a framework for incorporating data science into cybersecurity. Called the Framework for Critical Infrastructure Technology, this plan consists of five major points:
- Identifying the assets at risk, and the consequences of the breach. By ranking your assets according to the probability of an attack and the consequences of the attack, you are better able to develop a quantitative model of behavior and what needs to be analyzed.
- Protecting the information. Typically, this has meant using tools such as firewalls, but in a data science sense, this means developing algorithms and identifying the patterns to develop specific signatures to block.
- Detecting intruders. This means developing a rule-based expert system that can identify problems within the network, and trigger a response.
- Responding to intruders. While a response to a breach (defect in the system) isn’t necessarily something that can be addressed using data science, data scientists can use the information from the response to analyze not only the effectiveness of the response, but the cause of the defect.
- Recovering the business. Again, data science isn’t typically all that involved in this phase, but there are lessons to be learned. Data scientists can be involved in resilience and business continuity, which are often the most important aspects of a data breach.
Data science is proving to be an integral part of cybersecurity and the fight against online crime. With the right individuals on your team and the right training, you can leverage the power of data to create stronger defenses against cybercrime and protect your business from losses.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.