Big data vs Bad guys
Nobody will be surprised if I speak about the many competitive benefits offered by Big Data exploitation, not only for, but also to predict behaviours and gain indicators that could inform business actions in order to improve strategies in a proactive manner.
As early as 2011 Sir Tim Berners-Lee, father of the World Wide Web, declared that “Data is the new raw material for the 21st century.”
There sometimes seems to be a magic halo around the potential of data handling, all the more so when that data is turned into knowledge through the application of AI and process automation.
The marketing and finance sectors have been the first to reap the benefits of Big Data, but it is clear that they are not the only ones who will jump on the bandwagon.
Reconnaissance and OSINT are not new terms for people who are immersed in the Information Security world, yet at times we are not aware of the amount of sensitive information regarding our infrastructures, systems and employees that is available in public databases (e.g. Shodan, Whois, business registries, social networks…), nor are we aware of what goes unnoticed when certain tools are used against us.
It is likely that many of today's targeted attacks (e.g. “Spear Phishing”) have succeeded thanks to “ad hoc” intelligence tools and the analysis and exploitation of such information.
We need to be cautious with the information we provide and be responsible for what we publish in the open.
I recall a phrase by Edward Snowden regarding privacy that I believe fits in well here:
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
The big players in the security software market (AntiC&C/AntiMalware/AntiVirus) share collective intelligence from their clients to strengthen themselves against new threats in real time, going far beyond traditional companies.
Big Data in CyberSecurity is coming to our organizations via increasingly advanced SIEMs, which allow us to correlate events and be aware of changes in system behaviour by analysing the logs from every part of our infrastructure.
An unresolved matter that we still have to look at in these coming months is the adaptation of Deception Technology, deploying a logical minefield before the bad guys attack, and integrating that data with our cyberdefense intelligence.
We shall be more reactive and conscious of what is attempted against us, we shall be able to develop more personalized strategies to improve our resilience, and we will have more tools in the face of growing uncertainty.
There will be one final obstacle to overcome, primarily cultural in nature: abandoning isolation and sharing our valuable information with the world.
By sharing what each organization learns and feeding a global intelligence community, we will be able to try to stop the advantage that criminals have over us at this time.