Like almost every other tech blog, tech magazine and mainstream pundit, the National Institute of Standards and Technology (NIST) has tackled the issue of cyber security. But instead of complicating what appears to be an increasingly complex problem, NIST broke cyber security operations down into five elements: identify, protect, detect, respond and recover. Of course, the object worth identifying, protecting and recovering is data. Hackers and viruses require detection and response. It is in these two latter elements that big data can most improve operational efficiency, by detecting intrusion in real time and automatically responding to threats.
Big data provides analysts with the ability to spot trends and patterns in everything from social media hashtags to consumer purchases to user log-in habits. Each bit of data and its corresponding analysis have the ability to become a security tool. Since hackers ride the wave of popular technology, when a new technology arises, like wearables, hackers are able to get in on the ground floor.
During first launches, new technologies are extremely vulnerable to breaches. In such a scenario, many cybersecurity experts rely on monitoring for a breach, rather than building potentially flawed firewalls or porous patches. Monitoring new and trending technologies provides security professionals with the information they need to detect holes in their digital environments and respond swiftly.
Data from log-in attempts and user habits establishes a baseline of typical use. When habits and log-ins diverge from an established pattern, monitoring systems detect these irregularities and potential breaches, which triggers an incident response team to react by identifying the compromised data and working to protect and recover it.
Data-driven response increases operational efficiency by requiring incident response teams to collect all of a system’s data when creating user behavioral profiles. This form of automated data collection mimics the processes used by UX professionals. Instead of seeking out normal patterns of behavior, successful incident response teams will shift focus to abnormal use, increasing cyber security operational efficiency.
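The baseline-and-divergence check described above, as an added sketch that is not from NIST or the original article. The event fields, the two thresholds, the reason labels and the sample log-ins are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

MIN_EVENTS = 5       # assumption: fewer past log-ins than this is no baseline
HOUR_TOLERANCE = 2   # assumption: hours of drift from usual times still normal

# Constructed sample history: (user, ISO timestamp, source network label).
HISTORY = [
    ("alice", "2024-03-04T08:55:00", "office"),
    ("alice", "2024-03-05T09:10:00", "office"),
    ("alice", "2024-03-06T08:40:00", "office"),
    ("alice", "2024-03-07T09:05:00", "vpn"),
    ("alice", "2024-03-08T23:30:00", "vpn"),
    ("bob",   "2024-03-04T14:00:00", "office"),
]


def build_baseline(events):
    """Group past log-ins per user into usual hours and usual sources."""
    baseline = defaultdict(lambda: {"hours": [], "sources": set()})
    for user, ts, source in events:
        profile = baseline[user]
        profile["hours"].append(datetime.fromisoformat(ts).hour)
        profile["sources"].add(source)
    return baseline


def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def check_login(baseline, user, ts, source):
    """Return the reasons a log-in diverges from the user's baseline."""
    profile = baseline.get(user)
    if profile is None or len(profile["hours"]) < MIN_EVENTS:
        # Cold start: too little history to call anything abnormal.
        return ["insufficient_baseline"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if min(hour_gap(hour, h) for h in profile["hours"]) > HOUR_TOLERANCE:
        reasons.append("unusual_hour")
    if source not in profile["sources"]:
        reasons.append("new_source")
    return reasons


BASELINE = build_baseline(HISTORY)
```

A non-empty result other than `insufficient_baseline` is what would be handed to the incident response team; users with too little history are reported separately so a thin profile is not mistaken for normal behavior.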