Intelligence driven security the only way forward, says Verizon’s Jay Jacobs
by Nilesh Pritam
Jay’s opening line, speaking at the RSA Conference held in Singapore, says it all. The data scientist and co-author of the 2014 Verizon Data Breach Investigations Report doesn’t mince his words while speaking about the way forward for the security industry’s ongoing battle with cybercriminals. “Adversaries are not random, they exhibit tendencies. Tendencies lead to patterns, therefore security controls should not be random,” Jay told a packed room. In essence, predictive analytics have a crucial role to play in enabling information security professionals to stay ahead of the game.
Jay touches on the history of big data analytics while saying that current methods of data analysis using small data—historically not the industry’s strong suit—have fallen even farther by the wayside. He urges his audience to think about the psychology of a data breach: “Victims of cybercrime are not random. The term “everyone should….” has to be seen as a thing of the past.”
In his view, the key ingredients for successful data analytics are curiosity, statistics and transparency. With these in place, it is (as ever) a question of doing the basics well – and Jay suggests the recipe for effective data analysis is as follows:
- Formulate a good research question.
- Identify the data needed to answer the question.
- Analyze the data using the appropriate method.
- Honestly report findings.
Jay believes that the data scientist will be the key ingredient in most IT departments in the next five-years – and also a key player in the fight against cybercrime.
The 2014 Verizon Data Breach Investigations Report found that just three patterns covered on average 72 percent of cyberthreats in a given industry. By understanding what threats are your biggest concerns, enterprises can better protect their organizations by focusing on the cyberthreats that are most prevalent in their sector. The SlideShare below looks at cyberthreats by industry, based on this year’s report.