27 September 2023

Winds of change blowing after the big hack


Bernard Marr* says the hacking of the SolarWinds company demonstrated that cyber-security can no longer just be left for organisations’ IT departments to deal with.


The SolarWinds hack, first detected in December 2020, was a watershed moment in cyber-security.

Hundreds of organisations, including Fortune 500 companies and government agencies, were affected, with sensitive data compromised.

A year on, a major study conducted by Splunk has found that 78 per cent of organisations expect the same thing to happen again.

It’s widely acknowledged that the COVID-19 pandemic has exacerbated the problems of information security experts.

A major factor is the increased surface area that’s open to attacks due to the accelerated rate of digitisation that organisations are going through.

Large workforces working remotely mean more connections that must be secured and a greater need for authentication.

Both factors mean new vulnerabilities for attackers to probe and potentially exploit.

Data is at the heart of cyber-security, being both the prize that malicious actors are after, as well as a potent tool for those whose job it is to thwart them.

For this reason, security is an essential aspect of any data strategy.

It means developing a solid understanding, not just of what data your organisation has, but how it can use data to shore up its defences.

According to Simon Davies, Splunk’s Vice President for the Asia-Pacific region, cyber-security has evolved from an IT concern to a business-wide priority.

This has been driven by three principal factors — complexity, consistency, and cost.

The complexity of IT infrastructure has increased exponentially as more and more functions undergo digitisation.

At the same time, employees increasingly need to connect to a growing number of systems remotely.

Some may in the past have been entirely manual, such as logging working time or interacting with HR departments.

This means there’s a growing need for consistency of user experience and access.

For many organisations, cost is a motivator when it comes to migrating infrastructure to the cloud, but this migration creates a need to maintain visibility and secure points of contact between cloud and on-premises systems.

That doesn’t come for free.

Davies tells me that with the onset of the pandemic, there was a rapid acceleration of digitisation across industries — but with that came risk.

“You have a lot less visibility into your security ecosystem, less control over access points and you’re relying heavily on third parties and external service providers to support you,” he said.

“All these factors create more surface area and more risk for security breaches.”

Security needs to be considered in the same way as any data initiative.

What data do we need to solve the challenge? How do we collect, store and analyse the data?

Finally, how do we put the insights into action and learn from our experience?

Of the 500-plus respondents to Splunk’s survey, 84 per cent said their organisation had suffered a significant security incident in the past two years.

The single most common incident type was compromised email security.

Data breaches, malware attacks via mobile apps, distributed denial of service attacks, phishing, and ransomware were other incidents that caused issues.

Supply chain vulnerabilities were also seen as a problem; however, just 23 per cent of respondents said they had reassessed their policies around third-party vendor management in the fallout of the SolarWinds attacks.

Undoubtedly this comes down to workloads, which security professionals have seen grow significantly.

So how is data critical to cyber-security? In practice, it fills several functions.

Behavioural data, such as the actions and interactions of users on your network, is used to establish levels of ‘normal’ activity.

This can then be used to highlight outliers that could be a sign that something odd is going on.

If a user is accessing systems or data from an IP that seems to originate in a part of the world where they are not usually operating, it can raise red flags.

However, as more of us are working remotely and perhaps from different locations than usual, it isn’t always that simple.

Machine learning can be helpful here, as it’s able to correlate many different factors and draw up a more accurate picture of which activity is simply unusual and what might constitute a serious threat.
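The baseline-and-outlier approach described above, as an added illustration that is not part of the original article or of any Splunk product: a per-user profile is built from a constructed sample of past logins, and a new login is scored by how many independent factors (country, device, hour of day) deviate from it, so that a lone unfamiliar location, which a remote worker would also trigger, is only noted, while several deviations together are escalated. All records, user names and thresholds are invented for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of historical logins: (user, timestamp, country, device_id).
# These are invented records for illustration, not real telemetry.
HISTORY = [
    ("alice", "2023-09-18T09:02:00", "GB", "laptop-a1"),
    ("alice", "2023-09-19T10:15:00", "GB", "laptop-a1"),
    ("alice", "2023-09-20T14:40:00", "GB", "laptop-a1"),
    ("bob",   "2023-09-18T13:05:00", "US", "laptop-b7"),
    ("bob",   "2023-09-21T15:30:00", "US", "laptop-b7"),
]

def build_baselines(events):
    """Per-user profile of the countries, devices and login hours seen so far."""
    baseline = defaultdict(lambda: {"countries": Counter(), "devices": Counter(), "hours": Counter()})
    for user, ts, country, device in events:
        profile = baseline[user]
        profile["countries"][country] += 1
        profile["devices"][device] += 1
        profile["hours"][datetime.fromisoformat(ts).hour] += 1
    return baseline

def _hour_distance(a, b):
    """Circular distance between two hours of the day (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def score_login(baseline, user, ts, country, device):
    """Return (score, reasons): how many independent factors deviate from the baseline.
    A lone new country scores 1, which a travelling remote worker would also trigger;
    a new country, a never-seen device and an unusual hour together score 3."""
    profile = baseline[user]  # an unknown user has an empty profile, so everything is new
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if country not in profile["countries"]:
        reasons.append("new_country")
    if device not in profile["devices"]:
        reasons.append("new_device")
    if not any(_hour_distance(hour, h) <= 2 for h in profile["hours"]):
        reasons.append("unusual_hour")
    return len(reasons), reasons

def triage(baseline, login, threshold=2):
    """Map a score to an action: 'normal', 'note' (one oddity) or 'investigate'."""
    score, reasons = score_login(baseline, *login)
    if score >= threshold:
        return "investigate", reasons
    return ("note" if score else "normal"), reasons
```

Calling `triage(build_baselines(HISTORY), ("alice", "2023-09-25T10:00:00", "DE", "laptop-a1"))` returns `("note", ["new_country"])`, whereas the same user from an unseen country on an unseen device at 03:10 returns `("investigate", [...])` with all three reasons.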

Data is the fuel of machine learning — the more algorithms know, the more accurate they will be at understanding and classifying behaviour.

Davies talks about the amount of ‘digital exhaust’ that gets generated by organisations.

“Every login attempt on a website, every interaction on a mobile app, data is being generated,” he says.

“Being able to digest all these data and understand what is going on becomes critical for threat hunters. That’s where machine learning can really assist.”

When companies look to Splunk to help with their data security issues, it employs a framework it calls the Prescriptive Value Pass.

Critically, as well as assessing the hardware and software infrastructure to identify vulnerabilities, it also involves a review of the staffing and training infrastructure, which can be just as important.

All of this helps achieve the objective of building a 360-degree view of an organisation’s data, as well as the touch-points it moves through as it’s copied and pasted across an increasing number of business functions.

*Bernard Marr is a bestselling business author and is recognised as an expert in strategy, performance management, analytics, KPIs and big data. He is the founder of Bernard Marr & Co and can be contacted at bernardmarr.com.

This article first appeared on LinkedIn.
