Main image of article Big Data: The Key to Better Cybersecurity?
The challenges surrounding cybersecurity keep getting more complex, forcing security experts to constantly boost their knowledge in order to defend their systems. The number of potential security holes has also multiplied: whereas in previous years a security team would only have to secure an on-premises datacenter with a few entry points, vulnerable technology today includes everything from smartphones and wearables to cars. And it’s not only end users who are under attack, pointed out James Stanger, senior director of products for the technology trade group CompTIA. “Attackers are more and more entrepreneurial,” he said. “They’re offering hacks as a Software-as-a-Solution and denial of service attacks for hire.” The increasing sophistication and volume of attacks has security professionals playing a constant game of catch-up, as they respond to new styles of attack mounted by hackers who study defenses in detail before pulling the trigger. If that wasn’t challenging enough, the cybersecurity business faces significant cost pressures as customers become more cost-conscious. “Hacks have been getting worse, though more money is being spent on security,” Stanger said. In addition, the spread of cloud computing has impacted the efficacy of the firewall in some cases, leading security teams to shift to strategies based on analyzing user and network behavior. The trend toward using analytics to defend computer systems has “been gathering steam for some time,” Stanger added. Although there’s no consensus on the status of such efforts, most experts think this growing sub-industry still has a long way to go. Jack Phillips, CEO of the International Institute for Analytics in Portland, OR, believes that “we’re in the third or fourth inning” when it comes to the role that data specialists are playing in cybersecurity. However, Phillips noted, “you could say that about a lot of industries.” What makes security a unique challenge for data specialists is that “the enemy in security is so different than their counterparties in other areas.” A cybersecurity expert is always playing defense; the question is whether that defense is enough to keep attacks and vulnerabilities perpetually in check.

Is Security Sexy Enough?

Nobody is suggesting the use of data in cyber-defense is any kind of magic bullet. “It’s not like we’re dropping firewalls, credentials and traditional approaches,” Stanger said. “But those are just table stakes now. Today, the question is how do you anticipate and manage an increasingly fluid series of attacks?” As their security teams try to wrestle that question to the ground, employers face a second challenge: Where do they find the professionals who have the skills to defend their infrastructure? When it comes to data scientists in general, “there’s no question that the shortage is epic,” Phillips said. Executives could say the same thing about security expertise. When it comes to finding data scientists who specialize in security, the hunt gets even tougher. “Data scientists don’t see security as the prime space, or even a major win,” Phillips explained. “There’s so much demand in so many industries, they think there are more interesting things to do.” That’s why companies such as Symantec and Cisco, who make security a part of their business, try to present data specialists with unique opportunities. “There will be an absolute need for data science in security,” said Stu Bradley, vice president of cybersecurity solutions for analytics software and solutions provider SAS. “Security is getting much more complex and there’s a talent shortage. Analytics in machine learning can help overcome these issues. I can certainly see a time when there are data scientists dedicated to security.”

What Security Specialists Need to Learn

While Phillips contends that those security-minded data specialists will remain a rare breed, Stanger sees data expertise becoming part of every security professional’s toolkit. That expectation is behind CompTIA’s February 2017 launch of its Cybersecurity Analyst+, or “CSA+,” credential. “The certification is about becoming a security professional who can read data,” Stanger said. “Do you recognize what a scan looks like? Or a denial of service attack? It’s more about reading the algorithms than building them.” Stanger suggests that CSA+ was designed for network engineers or tech pros “who wear a lot of hats at small companies,” as well as security analysts in large organizations. Candidates for the credential may already have CompTIA Security+ level knowledge to build on, he added. “We’ve had a series of wake-up calls, bigger DoS and phishing attacks,” Stanger observed. Like Bradley and Phillips, he views studying behaviors through analytics as a critical line of defense. “We not only have a shortage of security people, but analytics people, too,” Bradley added. “That’s what makes this important.”