Data analytics is very useful in preventing deep fakes and improving the overall security landscape; however, one of the biggest challenges remains the amount of false positives.
What is the biggest challenge and benefit of data analytics in terms of cyber security?
Data analytics has proven to be very useful in cyber security in a number of ways by identifying vulnerabilities, preventing intrusions, detecting attacks, responding to incidents and improving the security landscape. Some of the areas we see the use of data analytics are around analysing network traffic, forensics, identifying indicators of compromise or studying large volumes of logging information to detect anomalies and in identifying/preventing social engineering and deep fake incidents. The use of analytics to study patterns and trends can also help with building predictive capabilities and thereby strengthening preventive controls or response actions. User and entity behaviour analytics help in several use cases of insider threat detection. Data analytics augmented by AI/ML technologies can further provide more value by augmenting data-driven decision-making, improving response actions and reducing response times. One of the biggest challenges that limits us in getting the maximum value from data analytics in cyber security is the availability of people with hybrid skills, primarily those with both data science skills and security specialisation, who can analyse data and tune use cases with the right context to provide more useful and accurate actions. Another data challenge that often impacts analytical capabilities is noise via the amount of false positives generated by current security tools and their heuristic algorithms. Identifying and discarding false positives and then analysing data for more robust analysis can be quite daunting and is one of the biggest challenges faced by security professionals dealing with large amounts of data.
How have the strategies for data protection responded to the new remote working environments?
While data protection remains important to organisations, the shift towards large-scale remote working since the pandemic has challenged enterprises to think differently about data security in more ways than before. The increased overlapping of boundaries between personal and work spaces has brought forward unforeseen challenges. Employees are seen switching between personal and company devices, using company devices for personal work, having meetings outside of secure and ring-fenced office spaces etc., which has resulted in increased exposure to risks like phishing attacks, clicking on unfamiliar links, downloading unsafe software with potential vulnerabilities, storing data on personal devices, cyber sniffing etc. It has therefore become increasingly important for organisations to create awareness of required standards of data classification, collection, role-based identity & access management, encryption, storage and other good cyber protection best practices & enabling behaviours towards cyber hygiene. A well-defined remote working policy that addresses device security, data classification, access and storage has become the need of the hour in this time and age. Further, embedding cyber-safe behaviours & mindsets and improving continuous learning from incidents have become crucial.
What challenges do data privacy and customer protection laws bring in terms of cyber security?
Data breaches cost companies in multiple ways as they pay the threat actors to gain access back to their data, pay regulatory fines caused by the breach or pay compensation to customers at times. There is an increasing trend towards safeguarding user privacy and upholding principles of informed consent. But the more damaging impact a breach can cause is on the company’s reputation, leading to erosion of shareholder value and customer attrition. The biggest challenge that regulations on data privacy and customer protection introduce for security professionals is therefore to protect data sources from the constantly evolving threat actors, attack techniques and vulnerabilities being exploited. Knowing the data sources, having visibility into them and protecting them by embedding the right security controls (and procedures) should continue to remain a key focus for cyber security teams.
Joyce RODRIGUEZ, Head of Cyber Threat Prevention at Shell, is a leader with 18+ years of global experience in designing and delivering digital solutions, new (agile/DevOps) ways of working across IT Infrastructure and Application delivery, leading technology transformations for large enterprises in various management consulting and delivery leadership roles across industries. In her current role, she leads the Cyber Threat Prevention capabilities at Shell that include Threat Intelligence Analysis, Threat Hunting, Advanced Analytics, Red Teaming, Vulnerability Management, Penetration Testing, Security & Content Engineering for building detection use cases and Technical Advisory on security policy enforcements and mitigation.