Blog

How can big data boost a firm’s information security?

With recognition growing about how the use of big data analytics can bring positive impacts to all aspects of a business, more companies are exploring how they can use the technology to protect their assets and react quickly to emerging threats, as well as boost areas such as customer engagement.

This could be especially important as security threats have been much in the news of late, with incidents ranging from the theft of millions of consumer financial details at US retailer Target to the leaked emails that caused so much damage to the reputation of Sony Pictures.

But one former chief information security officer (CISO) has said the information security landscape stands to be revolutionised by advanced big data analytics tools that can give firms much better insight into potential threats.

Speaking at the 2015 SecureWorld conference, IT security researcher and strategist for Los Angeles-based Blue Lava Consulting Demetrios Lazarikos detailed the steps taken when he was CISO for retailer Sears to integrate analytics closely into the firm's processes.

TechTarget reports that the company developed a security data correlation and risk engine that saw all the firm's data routed into a single big data-driven security system. This was said to have led to "impressive results" in a short space of time.

Under the previous system, it could take a team of ten people up to 12 hours to look at a security alert and figure out what had occurred and what, if anything, needed to be done about it. But with the big data analytics system in place, two people could do the same job in just ten minutes.

The insight gained by the initiative also highlighted some surprising trends that world not have been obvious otherwise, which the company was able to factor in to its monitoring and alert processes moving forward. 

For example, Sears learned that if searches for women's shoes or clothing originate from more than three different source countries at the same time, it is an indicator that a DDoS attack is in the works. 

Another key indicator of malicious activity is if loyalty bonus sign-up forms were being filled in at a rate far faster than human customers could achieve. This shows that the company is being targeted by bots and enables it to respond appropriately before any damage can be done.

One of the biggest lessons learned from this – which other firms may need to take note of – is that information security personnel should not be working in isolation, as a large number of their activities overlap with fraud teams.

In many scenarios, what begins as a security issue will cross over into becoming a fraud problem if it proves to be successful, so close collaboration between these units will be essential.

Mr Lazarikos also said this close relationship also needs to extend to the boardroom, as getting buy-in from the executive suite should be a top priority for any big data security initiative.