Ashley Madison: advanced analytics could have hampered hack
William Lawrence, Regional Practice Lead: Fraud and Financial Crimes at SAS Institute, says the Ashley Madison hack that made world headlines during the past week is significant on a number of fronts: “Firstly, in the past, we have typically seen high profile hacks targeting financial services and users’ personal and banking information. This case is unusual in that it did not target financial information directly. Personal information might have been targeted from a moral objection perspective, or possibly for future extortion purposes. In addition, it is interesting in terms of the potential for public support of the hackers, on moral grounds.” Lawrence notes that another significant factor is that the ‘delete profile’ feature of the site appears to have been ineffective.
The personal information of around 37 million users, including up to 175,000 South Africans, is reported to have been compromised in the attack on the Ashley Madison site for cheating spouses. The attack not only left users deeply concerned, but likely also derailed the company’s plans to list in the near future.
Lawrence says preliminary reports indicate that many of the site’s users were professionals – including doctors and teachers, as well as middle class ‘soccer moms’. “They may have been lulled into a false sense of security by the site’s security credentials. But this case illustrates that secure payment gateways, firewalls and anti-virus are not enough to secure customer information – particularly when there are millions of customers using a site.”
He notes that hackers can target websites and company data in any number of ways – not just via the website. “Attacks can be facilitated from within the organisation too, through employees and contractors and they can take place over a lengthy period. In the attack on the US-based retailer, Home Depot, it was found that the data breach had occurred over several months. To detect anomalous behaviour involving millions of users, you need to add a layer of big data analytics to the security systems,” he says. “Traditional IT security systems are typically very rules based. But to detect anomalies amid massive traffic flows both internally and from outside the organization, you need advanced analytics capabilities to supplement existing information security systems. In a company with millions of users, you need the ability to process and analyse massive volumes of data in real time, in order to proactively identify, and put a stop to potential threats. On top of that, organisations need the right people that shape the analytics and to monitor and make sense of the alerts generated by the solution.”
Lawrence points out that hackers today are highly organised and technically sophisticated. “In all likelihood, they themselves are using advanced analytics to help them connect the dots on stolen information. Companies cannot expect to defend themselves against such attacks without effective, multi-layered security that includes advanced analytics.”
In South Africa, Lawrence says, top of mind for companies is the risk of direct financial losses. “But a case such as the Ashley Madison hack illustrates that severe damage and financial losses can occur simply because customer information is compromised. There are the risks of litigation, serious reputational damage and even the potential collapse of the company. Something like this should be making IT security professionals revisit their defences,” he says.
SAS is the leader in analytics. Through innovative analytics, business intelligence and data management software and services, SAS helps customers at more than 83,000 sites make better decisions faster. Since 1976, SAS has been giving customers around the world THE POWER TO KNOW®.