“Cyberwars: As hackers get smarter, so can companies – data science provides insights that allow companies to identify and pre-empt threats, allowing them to react more effectively”
The trouble with traditional cybersecurity is that it solves the problem after the fact.
Companies are reacting faster than ever before to cyber breaches – but by then, the damage has been done. Consider this: industry experts estimate there will be a cyberattack every 11 seconds in 2021, costing an estimated 2.8 million cyberattack victims more than US$6 trillion globally. And this will only grow with Covid-19 accelerating the shift online.
As organisations grapple with larger digital attack surfaces, and threat actors continue to exploit zero-day vulnerabilities while evolving their malicious attacks, it has become imperative that we act rather than react – and that there are defences in place to scan for, predict and pre-empt attacks.
Data science has the potential to do this. By using AI, machine learning and deep learning techniques to turn big data into valuable – and actionable – insights, it allows organisations to build a proactive cybersecurity posture, and to react more effectively.
We believe that this will have a profound impact on cyber defence in 2021.
The data advantage
Already, cybersecurity data science is proving an indispensable tool in the fight against phishing, one of the top threat vectors in Singapore, according to Ensign InfoSecurity’s Cyber Threat Landscape Report.
A popular phishing ploy has been the use of homoglyphs, where threat actors create URLs that look similar to a particular organisation’s – g00gle.com instead of google.com, often tricking unsuspecting victims into clicking on malicious links. Another popular ploy, typosquatting, targets those who make spelling errors when typing a web address – gooogle.com instead of google.com, for instance.
By developing a deep learning framework that generates varied homoglyphs, cybersecurity professionals have been able to develop datasets, that enable their security systems to identify emerging homoglyph threats. This is a crucial development as digital activity soars in the Covid-disrupted economy – and phishing attacks with it.
Another area in which data science can be a critical ally is in identifying new and emerging threats. By applying AI, machine learning and deep learning techniques to data on emerging cyber threats, organisations can derive insights on the current threat landscape, giving them early warning indicators of potential attacks. This is a far cry from the reactive stance that cyber defenders usually find themselves in, reacting only after an expensive war has been lost.
Combined with localised data and intelligence, this can also help uncover previously unknown cyber threats targeting their networks or sectors.
Visibility that matters
Data science can also be applied to weeding out threats that may have already infiltrated the digital environment.
AI and machine learning methodologies, for instance, can be leveraged to develop threat behavioural model and analytics tools such as User and Entity Behaviour Analytics (UEBA). By recognising what is “usual”, UEBA flags anomalous user and network traffic patterns, that could represent a potential or real threat.
Ultimately, what cybersecurity data science does is grant organisations better visibility of the cyber threat horizon – and with that, the ability to identify and pre-empt an attack.
It shifts an organisation’s cybersecurity and risk posture from reactive to proactive, allowing cybersecurity teams to put into place appropriate measures and controls, obtain timely or even early warning indicators of potential threats, and better respond and recover faster in the event of a breach.
When adopted correctly, such capabilities deny threat actors the advantage they have held for so long in their cat-and-mouse game with security professionals, and allows organisations to more effectively defend both their business and bottom line.