Thursday, Nov 23, 2017

How the Government is Using Big Data for Cybersecurity

From viruses to malware and phishing, cyber attacks have increased in recent years and have led to the loss of billions of dollars and countless amounts of private information. Many businesses have turned to big data to automate their security analytics and to better protect themselves from criminals and hackers. However, the push towards big data doesn’t stop with the private sector—government agencies are also using big data for cybersecurity, even as they face a larger and much more difficult threat.

Unique Threats

Cyber attacks happen every day, ranging from relatively small hacks, like an individual whose identity is stolen online, to larger attacks, such as millions of customer credit card numbers being stolen from the server of a large retail store. That’s just in the private sector—the public sector is exposed to unique cybersecurity threats, including attacks from other nation states and hacktivists, aside from the typical hackers and criminals. The vast amount of data government groups deal with can be astounding, and since many organizations have limited funds and personnel, it can be virtually impossible to stay on top of data security at all times. Consider all of the information federal and local government agencies hold: personal information, medical records, housing forms, financial data, stock information, and more. That information is valuable to hackers and other countries and can become the center of a large-scale attack.

The more data there is, the greater the chance that a hacker can enter the system unannounced. Government agencies typically take an average of 16 days to discover an attack, meaning the hacker has unchecked access to private information for weeks. The most lethal threats are the attacks that are never discovered, which lead to hackers stealing huge amounts of data without anyone ever realizing the security breach. However, the growth of big data and analytics has opened doors to new measures to more effectively predict, find, and fight cyber attacks. This new technology comes in many forms, ranging from artificial intelligence and machine learning to automated data scanning and vast databases full of information, and can monitor data security and protect against attacks. While it would be impossible for a human to survey all of the data, analytics can perform similar tasks with great accuracy in just minutes or hours, giving agencies a potential leg up on the hackers.

As government agencies turn to big data for cybersecurity, the good news is that 90% of government analytics users say they have seen a decline in security breaches. Big data is definitely making an impact in government cybersecurity, especially in three areas: threat prediction, quicker response times, and faster recovery.

Threat Prediction

One of the most powerful ways to use big data in a cybersecurity setting is to sift through the information and find potential threats. Anything from malware to social engineering can release or destroy vast amounts of information, but being able to track trends and see what is happening to various data points can eliminate some of the risk. Paired with artificial intelligence, analytics programs can learn from historical data to create predictive statistical models that allow the program to predict future events. It’s the difference between a person trying to find connections between past attacks and a computer being able to look at historical data and quickly pull out the similarities. If an agency knows a particular part of their server is weak and more exposed to hacking, they can work to build up that area or keep a more watchful eye on that data for a potential attack.

“Agencies face a perfect storm of cybersecurity threats,” said Steve O’Keeffe, MeriTalk founder. “When you’re headed into troubled waters, you need a weather forecast. Big data provides agencies with the visibility to ensure they don’t end up the river without a paddle.”

Being proactive in cybersecurity saves time and money. Instead of waiting for an attack and then going into defensive mode to fight the fire, the best organizations stay on top of threats and try to prevent attacks from even happening. The average cybersecurity attack costs $4 million, meaning preventing just one attack can potentially free up the funds to cover advanced analytics systems. Placing more of an emphasis on proactively finding cybersecurity threats can save the government lots of time and money in the long run. However, falling behind on attacks can become a vicious cycle: once an organization spends the time and resources to repair an attack, those resources aren’t being used to monitor for future threats. This is especially common in government groups, where IT resources are already spread thin. Taking advantage of big data automation is powerful in finding and eliminating threats before they turn into larger issues and full-blown attacks.

Quicker Response Times

One of the most dangerous aspects of cyber attacks is that they often take a long time to discover. Unbeknownst to an agency, a hacker could be streaming information out of their server for weeks or months before the attack is realized. This is especially common in government organizations with huge amounts of data—it isn’t uncommon for analysts to be monitoring a certain set of data to keep it safe while another area is under attack and the agency is completely oblivious.

Being able to respond to a threat quickly is important because the nature of threats changes each day as hackers get more sophisticated and change their approaches. If a government agency were only using humans and basic programming to detect threats, it wouldn’t be able to adapt as quickly as it can with big data. However, algorithms can be added to analytics programs that find new threats and look at things differently to make sure even the newest, most advanced threats are discovered.

Big data analytics can run regular programs to look for anything out of the ordinary in the data sets. While this isn’t a perfect solution to discovering cyberattacks, it can be helpful in providing a more timely and accurate picture of the safety of the data. To be truly effective in responding to potential and actual cybersecurity threats, big data analytics programs need to automate their forwarding of threats to the right people and divide the types of threats and attacks into different categories depending on the severity and the data involved. Again, due to a lack of government resources in many agencies, being able to pinpoint the highest-risk threats and the attacks that put the most data at risk can be helpful in controlling cybersecurity and lead to a much faster response time. Agencies that are the most effective at detecting and responding to attacks quickly have a strategic integrated security solution.

Faster Recovery

Even if a cybersecurity threat or attack is realized quickly, that doesn’t mean the information will be easy to track down. Once the data has been exposed to hackers, there’s no telling where it went or who has it. Some hackers use the information themselves, but many others pass it on and sell it on the black market, making it incredibly hard to track. The IRS, for example, is expected to spend months and millions of dollars cleaning up its system after hackers stole taxpayer data to file fake tax returns—the attack itself might not have lasted very long, but the aftermath can be overwhelming.

Big data is useful in scouring black sites and other hacker activity to see if the data has been sold. It can also isolate the stolen data in many cases, which can help investigators narrow down their search to only certain types of data. Looking for elderly patients’ healthcare information, though daunting, is easier than looking for any data leaked from the Medicare organization, for example.

Big data also allows organizations to have recovery plans in place before an attack occurs. Some systems can be programmed with automatic responses once an attack is discovered, meaning the system can be automatically shut down and the recovery process can start right away. Most agencies run tests on their big data systems to make sure they are working properly.

Instead of looking for a needle in a haystack with a single person and a magnifying glass, using big data for attack recovery is like sifting through the hay with a team of workers and a conveyer belt—by its very nature it is a faster and more sophisticated process. Investing in big data for cybersecurity often pays off very quickly because it doesn’t take as long to recover lost data.

Effectiveness of Big Data

Big data and analytics have been powerful tools in preventing cyber attacks, but they don’t automatically stop every threat. There are still risks involved, and the government faces a unique set of challenges related to big data.

81% of federal agencies say they are using big data and analytics to better understand risks and mitigate cybersecurity threats, though the level to which they are using big data varies by agency, with some having it as a key component of their cybersecurity strategy and others using it in more limited roles. However, only 45% of agencies say their efforts are “highly effective,” meaning that it may require more than just big data to keep information safe. According to a recent survey, the top challenges faced by government cybersecurity users are the overwhelming amount of data, the lack of appropriate systems to collect necessary cybersecurity information, and the inability to give cybersecurity managers information in a timely manner, as well as a lack of training and concerns over privacy. Together, these challenges lead to more than 40% of federal data going unanalyzed, and therefore, being at risk.

“Internal and external cybersecurity threats will continue to evolve daily and we need to unlock the power of the data in order to regain the advantage,” said Rocky DeStefano, cybersecurity expert. “Agencies need complete visibility into the data across their enterprise. These teams also need the ability to flexibly analyze that data in a meaningful timeframe so they can detect advanced threats quickly, identify the impact and reduce the associated risk. Accelerating investment in the platforms necessary to collect and analyze this data is critical to the success of these programs.”

Although government agencies are taking a step in the right direction by using big data for cybersecurity, nearly half of federal agencies say cybersecurity compromises happen at least monthly because they can’t fully analyze their large amounts of data.

The government uses huge amounts of data for its many programs and initiatives, and an increase in big data analytics has helped increase cybersecurity. However, there are still gaps in the system, which will need to improve to keep up with the increasing sophistication of hacker attacks. Thanks to the development of more advanced big data programs, government data is potentially more secure than it has ever been before.