Security Data Science: the collaborative defence needed to protect your prize assets
In 1997 Vladimir Levin stood trial for hacking Citibank’s computers to steal over $10 million. This was the first high-profile hack of the financial system, the data framework that underpinned the daily transfer of trillions of dollars internationally.
The FBI worked with Citibank to analyse activity across the accounts that Levin had compromised, manually interrogating the data to trace illegal transfers. The bureau applied its collective intelligence and deep understanding of crime, known as “Tradecraft”, to track and ultimately arrest Levin at London’s Stansted airport. From there, he was extradited to the US to face trial.
In the two decades since Levin’s court appearance, the business landscape has shifted dramatically. Intellectual property has become the main source of competitive advantage, and now makes up more than half the valuation of the FTSE 100. Businesses have incorporated new innovations such as remote access, employee devices and the cloud, all of which represent new attack vectors for criminals. And cybercrime is now a $1 trillion industry with highly sophisticated actors, even incorporating the resources of nation states.
While the scale and frequency of attacks have increased dramatically, defence methodology has not kept pace. Modern security analysts often mirror the FBI’s approach in the nineties, manually evaluating thousands of security logs daily, many of which represent false positives. While the tradecraft principles underpinning security are sound, the avalanche of alerts causes fatigue and monopolises analysts’ time, contributing to a shortfall of talent.
But most importantly, this approach does not scale. Corporate data is growing in size and in strategic significance, creating more vulnerability and risk in the process. Manual data interrogation is not enough to handle current volumes – it’s like asking switchboard operators from the sixties to connect today’s global phone calls.
Data has been at the heart of the financial system ever since London’s shipping merchants gathered in Lloyd’s coffee shop to assess the likelihood of their ships’ cargoes landing safely. Since the nineties, widespread access to the internet has led to an exponential rise in the creation of data, bringing data analysis to businesses beyond economists and financiers. Cloud technology has caused the cost of storing data to plummet, and opened up the use of analytics to companies of all sizes.
The data lakes that were once exclusive to technology companies now help make up the competitive advantage of almost every listed company in the world. This has changed the face of corporate fraud, with Kroll’s 2018 fraud report showing that information theft has overtaken theft of physical assets for the first time. As breaches become more frequent and more damaging, the skills needed to protect these assets have become a crucial part of an organisation’s risk management.
But this data also contains the solution to the problem. Just as early insurers looked for patterns in weather conditions to assess the risk to their ships, modern algorithms can analyse data patterns, for example in employees’ behaviour, to determine when something appears out of the ordinary. Big data created our current knowledge economy, and also holds the key to protecting it.
One month prior to Levin’s extradition, another Russian was making history in the US. Garry Kasparov, considered to be the greatest chess player the world has ever seen, also became the first chess grandmaster to lose a match to a computer in tournament conditions. IBM’s Deep Blue drew from data on thousands of masters’ games to identify its every move, an early indication of the data science revolution that lay ahead.
Since this victory of machine over mind, artificial intelligence has overtaken human expertise in areas from cancer diagnosis to Texas Hold ’Em. DeepMind’s AlphaGo Zero beat the world’s top chess software after playing against itself for five hours, dispensing with the need for external data of previous matches.
Following his loss, Kasparov discovered that by working with an AI of his own, even a basic one, he was able to consistently beat the most powerful AI programmes on the market. This partnership, termed a “centaur”, represents the most advanced chess-playing force on the planet. Combining human domain knowledge with AI computation led to the best possible outcomes.
The future of security lies in the convergence of the three strands of big data, artificial intelligence and tradecraft – an evolved approach called Security Data Science. Analysts need to focus on being top-level decision makers, rather than subpar data processors, by using their security knowledge to understand possible threats and react appropriately.
Data scientists must determine the type and amount of data needed to rigorously assess these threats, and ensure it is gathered and analysed correctly. Both can then work together to build tools powered by artificial intelligence that deliver conclusions instead of alerts.
For any one individual, protecting against today’s advanced cybercriminals can seem like an overwhelming challenge. That is why it requires a collaborative approach. Implementing Security Data Science turns security analysts from players to centaurs. In a business climate where data is king, Security Data Science is becoming the only way for organisations to protect their most precious asset.