James Phillippe, Cyber Threat Management Leader at EY US, explains how analytics can help bolster the cyber defenses of financial services organizations.
As the volume of data being managed by banks today becomes ever greater, the danger posed by cyber attacks from fraudsters, hacktivists, organized crime groups and even unfriendly nation states continues to grow.
At the moment, banks are taking a reactive approach. They conduct forensic analysis on their systems, data and networks to determine where weaknesses may persist or where threats or breaches have occurred.
However, they need to become proactive. They can do this by including big data analytics as part of a broader threat management program.
This can help an organization identify trends and patterns in behavior, enabling it to better understand the threats it faces, establish early detection and make informed decisions.
EY’s recent Global Information Security Survey report explores how organizations are using this cyber threat intelligence capability. It concludes that there is still work to be done.
While financial institutions move to a proactive approach, based on harnessing big data better, they face other important data considerations. In summary, these institutions need to:
- Modernize IT infrastructure. Many banks are seeking to make their data more accessible, not least to meet new regulatory requirements. Therefore, they are grappling with the challenge of modernizing outdated IT infrastructure and simplifying fragmented architecture. They need to expedite this process to improve cybersecurity analytics. The modernization program must include strengthening asset management capabilities. This will improve practices such as understanding the baseline and patch management, and help reduce the time needed for incident response activities.
- Integrate with emerging and disruptive technologies. Banks are interacting with customers on a greater number of platforms as the use of mobile technology grows. Unlike in other industries, financial services organizations must ensure that their customers have access to the latest technological advantages. This increases the “surface area” for the organizations, enabling cyber criminals to identify more ways to infiltrate the environment. To build a complete picture of how attackers are operating, analysts must be able to view data patterns across all channels in a unified way. This is a complex problem. Many new technologies outpace our abilities to assess risk properly and ensure rigorous and complete log aggregation.
- Take advantage of multiple information sources. In order to build an effective picture of their vulnerability to cyber attacks and to detect the activities of adversaries, banks must mine an enormous amount of data. Extracting useful insights requires them to examine different datasets, including external threat information, internal and external usage logs, customer information and transaction data. This enables data to be more easily correlated and compared with indicators of attack and compromise.
- Develop effective KPIs. Ultimately, management needs a simple way to gauge where the greatest risks of potential attack lie. Metrics programs must answer important questions that are developed purposively and updated as required. As analysts search for data trends that can pre-empt cyber attacks, they should create relevant key performance indicators (KPIs) that deliver a clear picture upon which business leaders can take action and gain awareness of the current risk landscape.
As with all current applications of big data, its use in identifying the existence and severity of cybersecurity threats is evolving. However, given the increasing threat posed by cyber attacks, there is no doubt that big data will need to form a key element of future organizational defense strategies.
So the next time you’re quizzed by C-suite colleagues on what’s being done to boost the organization’s cybersecurity, be sure to emphasize the role of analytics.