Cyber analytics: what the C-suite needs to know

December 17, 2018

It’s the same story repeated again and again: an organization fails to invest in the personnel or resources needed to protect its networks, and then pays a steep price when a major breach occurs -- leading to financial losses, lawsuits, and a tarnished reputation.

Nothing forces changes in behavior like the sting of unwanted consequences – and executives are, by and large, now taking cybersecurity seriously. However, C-Suites continue to lag behind “the new normal” – which, today, means that a breach is not a matter of if, but when.

“The fundamental truth that the C-suite needs to understand is that there will come a day when a successful cyber attack will occur in your environment,” writes Travis Greene, a director at Micro Focus, for Forbes. “Knowing this provides the catalyst for helping your organization prepare for that eventuality adequately.”

Greene cites the distinction between “protection time” (in essence, the sum total of your organization’s ability to protect against cyber threats) and “exposure time” (your ability to respond once a threat has broken through your protections and compromised your network). 

Many organizations, he notes, have not come to terms with the fact that they will, sooner or later, be hacked. As a result, they place too much trust in protective measures – such as firewalls – and fail to develop effective plans for mitigation and response.

Budgetary concerns and organizational dynamics certainly play a role. In the wake of headline-making breaches, no executive wants to be accused of not having done enough to seal off potential threats; hence the focus is on prevention rather than mitigation. But what if no amount of prevention is enough?

Some good news: the emerging approach known as cyber analytics offers new ways both to maximize protection and minimize exposure. 

Simply put, a cyber analyst harvests data and uses it to identify patterns of behavior. With enough data at hand, algorithms can be developed that will identify suspicious behavior and alert cybersecurity personnel. Because much of the process can be automated, organizations can conserve resources.

Cyber analytics tools can help an organization identify vectors of attack, and they can also pinpoint the repercussions of an attack that actually happens – thus allowing a company to respond more effectively.

To use one example, the state of Pennsylvania reported in 2014 that cyber analytics had radically cut back the amount of time needed to respond to a phishing attack.

“The average time for analysis and investigation of a phishing incident routinely took up to 15 work hours to identify the source and the initial infection vector of the activity. During that time, the ‘business user’ was without email capabilities,” the state’s CIO, John MacMillan, wrote. “With advanced security analytics, the same investigation can be done in less than 45 minutes.”

Cyber analytics represents a paradigm shift that can help organizations – and their CISOs – better navigate the current digital environment, with its proliferating attack vectors and never-weary threat actors.

“It is important to remember that cybersecurity is not necessarily about having tools that keep us from getting attacked. In a perfect world that is what we want, but it’s not likely,” said Dr. Mary Margaret Chantré, assistant professor in the cyber security and cyber analytics programs at Capitol Technology University.

“Cybersecurity is about the ability to be resilient to attacks and recover quickly. A cyber analyst looks at mistakes made in the past and tries to avoid them in the present so he/she can predict possible future attacks. This type of situational awareness helps minimize risk,” Chantré said.
