
Using advanced analytics in the war against cyber crime

Recent events have put the spotlight firmly on cyber security.


Johannesburg, 05 Jun 2017
William Lawrence, Regional Practice Lead: Fraud, SAS South Africa.

Cyber security is a term that's on an increasing number of lips today, especially following the weekend's events, over and above a spate of high-profile data breaches that were made public in the past year. To name just two examples: the massive loss of customers' personal details by the Ashley Madison dating Web site, after it was hacked last year, and the more recent subterfuge - ostensibly by Russian agents - related to the Democratic Party servers during the US elections.

William Lawrence, Regional Practice Lead: Fraud at SAS, points out that these examples suggest a significant shift in the nature of cyber crime. Just a few years ago, he says, this type of criminal activity would have been focused primarily on the financial services sector, with the simple goal of stealing money.

"Today, e-commerce is so prevalent that a lot of organisations outside of banks store personal client information. Remember that if you purchase something online, it means that your name and credit card details will be held by the relevant retailer, even if you are only purchasing flowers for Valentine's Day. This increases the opportunities for cyber criminals to steal critical personal information," he says.

"Furthermore, the nature of cyber crime is evolving all the time too. It is no longer always about stealing money, but can be for corporate espionage purposes, to obtain information to sell to a third party, or even for political capital, as was the case in the US election."

It is even being used for blackmail purposes, as happened with Ashley Madison, a Web site that enables married people to conduct discreet affairs. By threatening to 'out' its customers, the hackers impacted the company's earnings to such a degree that it was unable to list, as originally planned.

Typically, states Lawrence, many cyber criminals target employees via phishing attempts, enticing them to open an e-mail attachment that embeds malware in the company system. This usually contains keystroke logging technology and allows them to obtain corporate information, such as passwords and other confidential information, which they then utilise themselves or sell to other criminal syndicates on the Dark Web.

"The trouble is that any company's cyber security is only as strong as its weakest link, which is inevitably the user. Too often, employees or contractors serve as the conduit for these criminals to access the company. And once there, the criminals tend to be quiet, taking a methodical and systematic approach to the harvesting of data, meaning the breach actually takes place over a number of months."

"This is where analytics comes into the picture, as it offers the ideal defence against an attack that is both under the radar and quite slow in nature. If your first line of defence is a firewall and anti-malware software, then SAS' advanced analytics provide a second, higher level. You could equate it to a house, where an electric fence and burglar bars are the first line of defence. Analytics, on the other hand, could be equated to having motion detectors inside the residence, which are designed to detect anomalous movement in the house," continues Lawrence.

He explains that with advanced analytics, massive amounts of data can be processed, with the objective of identifying anomalous behaviour within the enterprise's systems. This, he adds, enables the company to quickly detect out-of-the-ordinary behaviour and remediate the threat rapidly, significantly reducing the impact of such cyber crime.

"Successfully implementing analytics as a second line of defence requires several things. Firstly, you need the ability to process massive amounts of data in real time. In addition, you need to have the right people - network security professionals - involved, as they will understand the threats from both a security and a technology point of view. Then, based on a proper threat assessment, you need to deploy advanced analytical models that include machine learning and behavioural analysis tools."

It has to be advanced analytics tools, cautions Lawrence, as simple rules-based solutions will not be intelligent enough to catch most of today's cyber criminals.

"Behavioural analytics tools are specifically designed to help organisations identify anomalous behaviour within their IT systems. Furthermore, thanks to the machine learning component of advanced analytics, the tools are able to constantly learn from experiences, meaning they are, critically, able to evolve as the cyber threats themselves evolve," he concludes.
