Predictive Cybersecurity: Out with Garbage, In with Data
The answer to email cybersecurity threats isn't simple. The email threat vector is complex, and your company's on-premises and DIY security solutions aren't always enough against the determined and advanced cybercriminal.
Achieving truly proactive protection could require the adoption of predictive big data analytics at the security vendor level, using a mix of vendor and client data, open source data (OSINT), and email meta-data to try and predict the source and outcome of the next big hacking or spear-phishing attempt.
Email malware attacks remain high, and Verizon's 2016 Data Breach Investigations Report revealed that 30% of phishing messages were opened, up 7% on last year. A further 13% of those who opened the message also opened the attachment, leading to malware deployment. Educating your staff to act as a "human firewall" against threats is critical, but it's not foolproof.
Big data analytics hold the potential for organizations to identify emerging threats in real time. With sufficient access to data, it's possible to discover patterns in attacks against organizations by location, size, industry, or any number of other firmographic factors. With the help of truly forward-looking analysis, security vendors can adjust their defense methods before cyber criminals click "send" on malicious email messages. While this may sound farfetched, the technology exists today to detect attacks as soon as they are launched. We are only a matter of milliseconds away from advancing this detection to before the attack is launched.
Leveraging Big Data to Predict Cyber-Attacks: How It's Possible
Fortinet predicts a future filled with malware designed to "bypass advanced security protection systems," including state-of-the-art on-premises solutions. Ultimately, the issue with DIY threat protection is something everyone learned in their first coding class: garbage in, garbage out. Your organization's security data assets aren't garbage, but they're not big enough to notice an increase in risk based on global or industry-wide patterns. Data sets must be big enough to reveal definitive, real-time conclusions about emerging threats.
Large-scale cybersecurity companies will need to step up to the plate. A combination of big data, OSINT and email metadata can be used to predict, with accuracy, patterns in email attacks by region, industry, or company. A global view will be critical to identify probability of email threats, as well as DDoS and IP-based attacks. Predictive analytics is the art of identifying emerging patterns, such as a spike in abnormal traffic patterns in a category of IP addresses, or a sudden surge in malicious traffic that's targeting mid-sized businesses in the finance industry.
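To make the kind of pattern described in the two passages above concrete (attacks broken out by industry and company size, and a surge of malicious traffic from one category of IP addresses), here is an added example that is not part of the original article or any vendor's product. It runs a simple baseline-plus-deviation spike rule over a constructed set of email-gateway metadata records; the field names, the documentation-range IP prefixes, the segment labels and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev

# Constructed sample of email-gateway metadata, NOT real telemetry. Each record is
# one inbound message seen by a hypothetical multi-tenant security vendor: the day
# it arrived, the /24 prefix of the sending IP (RFC 5737 documentation ranges),
# the recipient organisation's industry and size band, and the gateway's verdict.
START = date(2016, 6, 1)


def _constructed_events():
    events = []

    def add(day_offset, prefix, industry, size, malicious, count):
        for _ in range(count):
            events.append({"day": START + timedelta(days=day_offset),
                           "prefix": prefix, "industry": industry,
                           "size": size, "malicious": malicious})

    for d in range(15):
        # steady background noise against two segments, plus benign bulk mail
        add(d, "198.51.100.0/24", "finance", "mid", True, 5 + (d % 3) - 1)
        add(d, "198.51.100.0/24", "retail", "small", True, 3)
        add(d, "192.0.2.0/24", "finance", "mid", False, 20)
    # day 14: a prefix never seen before floods mid-sized finance firms
    add(14, "203.0.113.0/24", "finance", "mid", True, 40)
    return events


EVENTS = _constructed_events()


def daily_malicious_counts(events, key_fn):
    """Aggregate malicious messages into {segment: {day: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["malicious"]:
            counts[key_fn(e)][e["day"]] += 1
    return counts


def detect_spikes(counts, all_days, baseline_days=14, z_threshold=3.0, min_count=10):
    """Flag segments whose latest-day count exceeds baseline mean + z_threshold * std.

    Missing days count as zero. Sigma is floored at 1.0 so a flat or empty baseline
    still yields a finite score, and min_count suppresses alerts on trivial volumes
    (one message against a zero baseline would otherwise score very high).
    Returns {segment: z_score} for the segments that trip the rule.
    """
    days = sorted(all_days)
    latest, history_days = days[-1], days[-1 - baseline_days:-1]
    alerts = {}
    for segment, per_day in counts.items():
        history = [per_day.get(d, 0) for d in history_days]
        if not history:
            continue
        mu, sigma = mean(history), max(pstdev(history), 1.0)
        today = per_day.get(latest, 0)
        score = (today - mu) / sigma
        if score >= z_threshold and today >= min_count:
            alerts[segment] = round(score, 2)
    return alerts


def segment_alerts(events=EVENTS):
    """Run the spike rule over a firmographic view and a sending-prefix view."""
    all_days = {e["day"] for e in events}
    by_firmo = daily_malicious_counts(events, lambda e: (e["industry"], e["size"]))
    by_prefix = daily_malicious_counts(events, lambda e: e["prefix"])
    return {"firmographic": detect_spikes(by_firmo, all_days),
            "prefix": detect_spikes(by_prefix, all_days)}


if __name__ == "__main__":
    for view, alerts in segment_alerts().items():
        for seg, z in alerts.items():
            print(f"{view}: spike in {seg} (z={z})")
```

In the constructed data the rule fires twice on the last day: once on the (finance, mid) segment, whose count jumps far above its two-week baseline, and once on the new sending prefix, which had no history at all. The retail segment and the long-standing prefix stay within their baselines and are not reported. The same two views are what a vendor with cross-tenant visibility could compute but a single on-premises deployment could not, because one company only ever sees its own slice of each segment.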
Why Security and Cloud Providers Must Step Up
The idea of strength in big data for effective prediction is the basis of open threat exchanges. However, the issue here isn't with the strength or volume of information gleaned from threat exchange, it's with the ability to execute. The idea of global predictive analytics could perform best if it's led by security providers who deal in cloud services.
Vendors must join forces to get in front of the quickly evolving email threat landscape. When the "good guys" work together to share intelligence data and provide secure services, there's a remarkably high potential for results. With a combination of provider data, customer insights, and open-source resources, collaborative multi-vendor efforts could actually result in a strong front against criminals.
Security pros know the value of taking a proactive, not reactive, approach to protection. However, if your on-premises options aren't sufficient and your data isn't broad enough to reveal patterns, your predictive analytics may just be capturing the shadows of threat patterns. Protection in the future could shift squarely into the hands of security and cloud services vendors, who have the access and ability to act as the ultimate firewall against threats that are emerging in real time.