
    Big data: Making cybersecurity dynamic

    By Aravind
    Published on March 21, 2022

    Big data has been a major catalyst for several fields and disciplines, as it enables automated, streamlined decision-making processes based on an extensive collection of data mapped from a myriad of sources. Gartner predicts that "by 2022, 90% of organizational strategies will explicitly mention information as a critical enterprise asset and analytics as an essential competency." This statistic is reflective of the growing market for big data analytics, which is expected to reach $549.73 billion by 2028.

    Big data can be characterized according to the 5 Vs:

    • Volume: The amount of data relating to an entity that is collected by several systems.
    • Veracity: The authenticity of the data collected from different sources, as mapping of data from multiple sources can be prone to inconsistencies.
    • Velocity: The rate at which data is collected and processed for streaming.
    • Variety: The ability of a source to collect data in its different forms: structured, unstructured, and semi-structured.
    • Value: The ability of analytical systems to infer conclusions from copious amounts of data.

    Apart from customer engagement, big data has had wider applications in any discipline that requires predictive modeling. Predictive modeling is used to identify a pattern of outcomes that pertain to an entity or derive meaningful insights from a larger pool of data spanning across various mediums and formats. The most predominant types of big data that are mined from individuals or entities include:

    • Customer data: Contributes to creating a granular customer profile that consists of generic information (name, date of birth, contact information) to more behavior-specific information (purchase history, interests) collected from a variety of sources.
    • Financial data: Helps organizations review their overall performance and make further improvements based on the data. Financial data consists of operational costs, overhead, revenue, etc.
    • Operational data: Refers to the data pertaining to the customer-facing end of an organization. Operational data also relates to customer feedback, inventory, and purchase-related entities.

    Big data technologies are software solutions that combine data extraction, data processing, data storing, data visualization, and data accessibility to derive insights.

    How can big data analytics combat cybercrime?

    The adage "data is the new oil" has never been so true. Data breaches continue to expand in type and frequency along with the increase in the abundance of personal data in online forums. Additionally, the COVID-19 pandemic has further complicated existing cybersecurity systems with the decentralization of security perimeters in organizational networks.

    Early cyberattack detection continues to be a challenge due to the ever-changing sophistication of cyberattacks. This is where the potential of big-data-based analytics in cybersecurity comes into play. Big-data-based analytics can impact the following areas of cybersecurity:

    Behavioral analysis: With the introduction of behavior-based tools like UEBA and SIEM that monitor key events contributing to a user or device's digital footprint (log information, for instance), big data can act as a catalyst for bolstering cybersecurity operations. Due to the influx of unstructured data flowing into the network, it is important to filter out malicious traffic using predictive ML-based algorithms to map signature patterns of attacks among other characteristics. Pinning down the unpredictable nature of cyberattacks is more effective when organizations move from descriptive analytics of cybersecurity to predictive analytics.

    Results obtained from behavioral analysis help IT security professionals notice even the most minute deviations in user activity within the network. This helps in curbing clandestine cyberthreats such as APT attacks. Moreover, predictive algorithms can automate tedious tasks such as data collection, processing, and mapping, which frees IT security professionals to focus their attention on more complex tasks.

    Digital forensics: Tracing a cyberattack back to its origin constitutes a major part of an incident response plan. With the threat surface expanding following the pandemic-induced shift to remote and hybrid networks, coupled with the emergence of BYOD, cybercrime investigation has become more complicated. Data analysis tools can provide investigators with highly detailed insights into a user's online behavior.

    Advanced intrusion detection systems (IDSs): To sift through a larger inflow of data into networks, IDS tools must scale up and implement data-aware policies to mine copious amounts of incoming traffic. IDSs use three techniques to detect unauthorized traffic:

    • Signature-based detection: Detects cyberattacks using a known set of patterns or signatures that are stored in the IDS repository. For more dynamic prevention, it is important for the IDS database to be constantly updated with information regarding the new variants of attacks.
    • Anomaly-based detection: Establishes a baseline of normal online activity and flags aberrant deviations that fall outside routine operation. Although anomaly-based detection is effective against zero-day threats, its operation can be prone to inaccuracies, which has contributed to its high false-positive rate.
    • Hybrid detection: Refers to the combination of the two above techniques, which is used to overcome the disadvantages posed by each technique.

    The frequency of false positives raised by IDSs can be mitigated by including a pre-processing tool based on big data techniques and machine learning, which can automate the upgrade and scaling of such systems.
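A toy hybrid detector run over constructed web-access log lines, added here as an example (not code from the article or from any product): the signature rule catches a single known-bad request that is far too quiet to look anomalous, the per-client volume baseline catches a signature-less flood from an unknown client, and that same per-client baseline keeps a legitimately busy monitoring poller from becoming a false positive. The signature rules, baselines, IP addresses and sample traffic are all constructed.

```python
# Toy hybrid IDS over constructed web-access log lines (added example, not the article's code).
import re
from collections import Counter
from statistics import mean, pstdev

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Signature repository: known-bad request patterns (the signature-based technique).
SIGNATURES = {"path-traversal": re.compile(r"(^|/)\.\.(/|$)"),
              "sqli-union": re.compile(r"union\s+select", re.IGNORECASE)}
# Constructed per-client history of requests per window from earlier normal traffic (the anomaly-based
# technique). 10.0.0.5 is a legitimately busy monitoring poller; unknown clients get the generic profile.
BASELINE = {"10.0.0.5": [38, 41, 40, 39], "_default": [2, 4, 3, 5, 3]}
Z_THRESHOLD = 4.0

def parse(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def signature_hits(entry):
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(entry["path"]))

def anomaly_score(ip, count):
    hist = BASELINE.get(ip, BASELINE["_default"])
    return (count - mean(hist)) / (pstdev(hist) or 1.0)  # z-score; guard a flat history

def hybrid_verdicts(lines):
    """Signature hits alert on their own (low volume is no excuse); volume anomalies alert only
    against the client's own baseline, which keeps the busy poller quiet; both together escalate."""
    entries = [e for e in map(parse, lines) if e]
    counts = Counter(e["ip"] for e in entries)
    sigs = {}
    for e in entries:
        for hit in signature_hits(e):
            sigs.setdefault(e["ip"], set()).add(hit)
    verdicts = {}
    for ip, n in counts.items():
        z = anomaly_score(ip, n)
        anomalous = z > Z_THRESHOLD
        level = {(True, True): "critical", (True, False): "alert-signature",
                 (False, True): "alert-anomaly", (False, False): "normal"}[(ip in sigs, anomalous)]
        verdicts[ip] = (level, sorted(sigs.get(ip, ())) + ([f"z={z:.1f}"] if anomalous else []))
    return verdicts

# Constructed sample window: a busy poller, a quiet browser, one client sending a known-bad
# request, and one client hammering unknown URLs with no signature match.
LINE = '{ip} - - [21/Mar/2022:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512'
SAMPLE_LINES = ([LINE.format(ip="10.0.0.5", path="/health", status=200)] * 40
                + [LINE.format(ip="198.51.100.7", path="/index.html", status=200)] * 3
                + [LINE.format(ip="198.51.100.9", path="/../../etc/passwd", status=404)]
                + [LINE.format(ip="203.0.113.4", path=f"/p{i}", status=404) for i in range(60)])
```

Calling hybrid_verdicts(SAMPLE_LINES) yields "normal" for the poller and the browser, "alert-signature" for the single traversal request, and "alert-anomaly" for the flood; a cross-sectional z-score over the same window would instead have flagged the poller.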

    Why cybersecurity needs big data

    Because cyberattacks have major consequences for the global supply chain, it is important for cybersecurity systems to be adaptive. Big data technologies have proven to be efficient at building exhaustive profiles of entities and can provide security professionals with a comprehensive view of a network's adversaries.


    2020 Zoho Corporation Pvt. Ltd. All rights reserved.