Situational awareness – ‘seeing’ your security gaps
Use analytics to stay three or four steps ahead of cyber criminals
Cyber threats. Cyber attacks. Cyber intrusions. No matter what you call it, the problem is the same. You need to stop cyber criminals from destroying profits and eroding the trust your customers have in your agency or financial institution. But stopping them can be difficult if you can’t see the possible entry points – the holes in your security.
Cyber criminals are always changing tactics – looking for opportunities you might have missed. So you have to view your agency or institution in the same way a possible intruder would.
Example: situational awareness
Let me use a little analogy here to show you what I mean: When you get home this evening, you lock the front and back doors. You feel pretty safe, right?
During the night, you hear someone walking around in your kitchen. How could he have gotten in? When you start looking around, you see that he opened an unlocked window and climbed in. And during your search, you find that you left the garage door open and you didn’t even lock the door from the garage into the house. Like cyber criminals, a would-be intruder will keep looking for a way to get in.
When you take a similar look at your security, what do you see? There are many, many possible entry points to protect – hundreds, even thousands of security systems and devices.
Mark Kagan says you have to stop reacting and become proactive. “The threats and attacks are growing too fast and sophisticated and the enemies are smart, resourceful and agile.”
How many ‘windows’?
The number of attacks has been growing nearly as fast as the volume of data that you hold. To make matters worse, the agility and sophistication of the attackers are also increasing. Threats come from foreign nations, criminal groups, hackers, hacktivists, disgruntled insiders and terrorists.
According to a recent report by Longitude Research, the most damaging cyber attacks are from phishing, botnets and mobile malware. But there are many other avenues, including:
- Denial of service
- Logic bombs
- Trojan horses
Responding to the threat
It’s estimated that 99.6 percent of all email traffic directed to government mailboxes is spam or malicious messages.
In the past, financial services organizations and government agencies have looked at cybersecurity as an IT problem. Today we know that we have to look at it as a risk management problem. So we have to shift our focus and look to our data for trends and patterns. You need a tool that can correlate data, provide analysis and warning capabilities and improve situational awareness.
Ninety percent of federal agencies and 99 of the top 100 banks use an analytics solution – SAS Analytics – for mission-critical operations and activities. And the statistical analysis and modeling used for fraud detection, financial management and human resources can be used for cybersecurity.
SAS for cybersecurity analyzes activities; uncovers vulnerabilities, threats and patterns; reveals trends; and predicts future threats and attacks, so you can take proactive measures to protect your data and networks.
For instance, a US military cyber defense organization is using SAS Analytics as part of a situational awareness system. The system lets analysts respond immediately to threats and more proactively defend the organization’s networks.
With analytics, you can look three or four moves ahead – find the doors and windows before the attacker does. As Kagan says, it’s time to “stop playing checkers and start playing chess.”