Can big data predict the next cyber attack?

Analyzing big data can help raise the alarm in real time when something out of the ordinary is happening, as may be the case in a security breach.

IDF cyber warfare room 370 (photo credit: Courtesy IDF)
IDF cyber warfare room 370
(photo credit: Courtesy IDF)
LAS VEGAS – The battle to secure private data, whether financial information or intellectual property, may be won through big data analysis.
That, at any rate is what Bob Griffin, cyber security firm RSA’s chief security architect, thinks.
“The ability to take massive volumes of information and to get intelligence out of it is going to fundamentally change what we are doing as security professionals,” Griffin told The Jerusalem Post at the annual event of RSA’s parent company EMC in Las Vegas last week.
As technology develops, he said, new areas of security risk emerge, such as how to secure data stored off-site – in the cloud. But so does the ability to track everything from number of login attempts to how valuable assets are accessed.
Analyzing such information can help raise the alarm in real time when something out of the ordinary is happening, as may be the case in a security breach.
“There are things that we as human intellects have trouble abstracting out of data,” Griffin said. “Big data analysis can say, ‘There are these patterns in the information, the good patterns and the anomalies.’”
Cyber crime costs people and businesses billions of dollars each year.
According to Interpol estimates, in 2007 and 2008 the cost of cyber crime worldwide was about $8 billion, while up to $1 trillion worth of intellectual property was snatched in corporate cyber espionage. Norton’s 2012 Cyber crime Report calculated the direct costs of global consumer cyber crime at $110b. The indirect costs they calculated for the previous year (including lost time and effort) added up to $274b.
As a result, the need for innovative cyber security is ballooning.
According to Griffin, RSA – which has acquired Israeli start-ups in the past and has offices in Israel – will likely continue looking for Israeli innovation in the field.
“Israel’s investment in that area is of huge value and one that I do hope will continue,” he said. “I’m sure there will be [more Israeli start-ups acquisitions].”
It is no coincidence that RSA is looking to big data. EMC’s business focuses on data storage and analysis, and sees the future of tech as using large quantities of information, increasingly captured through mobile devices and stored in the cloud, to help shape businesses.
Big data’s big benefits, however, raise new concerns about privacy as well.
“Security and privacy have to work together in order to be effective. When they come into conflict, the question is what information on the personal level can we use to deal with security threats?” Griffin said.
Paul Maritz, CEO of RSA’s new sister company Pivotal that focuses on big data, argues that if companies that collect data are upfront with how they’re going to use it and allow users to opt in or opt out, it will go a long way to assuage fears.
“Privacy is always going to be an issue. Part of the solution is informed consent,” he said.
EMC’s Global Service CTO Bill Schmarzo, however, said that big data creates new dilemmas in the field of privacy.
Wearable technology, such as fitness bands, can detect people’s vital signs, which big data analysis may be able to use to detect when people are getting sick.
“When Apple and Google know you’re gonna get sick before you do, how do you manage that?” asks Schmarzo.