Can Big Data Help Avoid Cyber Security Threats?


The Middle East region is facing a cyber pandemic, with Covid-19 related attacks skyrocketing. In 2020, the UAE saw an “at least 250 per cent increase” in cyberattacks, according to H.E. Dr. Mohamed Hamad Al Kuwaiti, Head of Cyber Security – UAE Government.

New research by multinational cybersecurity firm, TrendMicro, says critical public infrastructure and government IT systems were becoming a primary focus for hackers, with ransomware being their preferred weapon of choice. The ongoing digitalisation in the Middle East is also another factor putting companies at risk of cyberattacks more than ever before. 

Since big data analytics offers protection against these attacks, some organisations are using it to contend with the continuously evolving, sophisticated cyber threats rising from the increased volumes of data generated daily. The use of big data analytics allows businesses to analyse the information collected, allowing cyber analysts to predict and avoid the possibilities of intrusion and invasion. Machine learning (ML) and artificial intelligence (AI) play a major role in developing iIntelligent big data analytics enabling experts to build a predictive model that can issue an alert as soon as it sees an entry point for a cybersecurity attack.

According to a CSO Online report, 84 per cent of businesses use big data to help block these attacks. They also reported a decline in security breaches after introducing big data analytics into their operations. Insights from big data analytics tools can be used to detect cybersecurity threats, including malware/ransomware attacks, compromised and weak devices, and malicious insider programs.

In recent years, new security analytics solutions have emerged that are able to collect, store and analyse vast  amounts of security data across the whole enterprise in real-time. Enhanced by additional context data and external threat intelligence, this data is then analysed using various correlation algorithms to detect anomalies, thus identifying possible malicious activities. Utilising readily available frameworks such as Apache Hadoop, vendors are now able to build big data solutions for collecting, storing and analysing huge amounts of unstructured data in real time.

According to KuppingerCole and BARC’s Big Data and Information Security study, companies using big data analytics security say they achieve 53 per cent higher benefits.

Such tools operate in real-time and generate security alerts ranked by severity according to a risk model. These alerts are enriched with additional forensic details enabling quick detection and mitigation of cyberattacks.

Uses of big data analytics in preventing cybersecurity threats:

Predictive Analytics

Anomaly and malware detection are popular use cases. The ML algorithms combined with data from security systems can help analyse the historical and current data for studying and predicting the threat patterns. This approach can help in finding touchpoints of attackers before any attacks are executed. Moreover, it can also help with real-time responses to data breaches. These algorithms can automatically correlate the information to find a vulnerability pattern. 

Automation and Monitoring 

Oftentimes, cyberattacks are caused as employees are unaware of threats and do not know how to react in different scenarios. Big data analytics can help monitor the large set of activities of systems and users to prevent data-breaches. These processes can also be automated for minimising data breaches and for speeding up the recovery process in case of an attack. Enterprises can use data from a range of monitoring tools such as Nagios Core and Splunk.

Intrusion Detection 

It is hard to monitor vulnerabilities in real-time but big data analytics can solve this problem by automating this process at scale. Given the growing sophistication of cyber breaches, intrusion detection systems such as NIDS (network-based intrusion detection systems) are highly recommended as they are much more powerful when it comes to detecting cyber security threats. It can be enhanced with real-time analytics for a comprehensive way to detect malicious activities, thus blocking the threats before an attacker gains unauthorised access to the system. 

Also Read: The Analytical Ladder of Success

Risk Management Reporting

Big data analytics collects actionable insights from various data sources and systems to help with root cause analysis. Some of the reporting metrics could be exceptions around authentications, user handling, incidents, and tasks during non-business hours.

In contrast to mass-spreading malware, such as worms, viruses, and Trojans, Advanced Persistent Threat, or APT, attackers operate in “low-and-slow” mode. They often leverage stolen user credentials to avoid triggering alerts, and this type of attack can take place over an extended period of time while the victim organisation remains oblivious to the intrusion. But an intelligence-based approach to monitoring with the aid of big data technologies can address it, as the monitoring tools can engage deeper and more complex packet inspection and log analysis techniques by leveraging the scalable parallel processing big data techniques. Visual analytics can also be used to provide comprehensive network visibility to the network security administrator, as it can spot stealthy techniques like APT by identifying many minor deviations.

But many organisations can’t use the power of big data analytics to its full potential due to lack of the right tools, systems, experts or poor mining of data. Although leveraging big data is pertinent since cyber security has rapidly become a priority for GCC nations, there’s absence of culture to promote the sharing of data and lack of capabilities and skills to utilse big data, according to a Deloitte study.

According to Big Data and Information Security study, the big gap between demand and reality come from six major challenges:

  • Data and privacy security
  • Costs
  • Relevant data not collected
  • Inadequate analytical know-how in organisations
  • Lack of resources and investment
  • Lack of awareness in the organisation

According to experts, tools must be backed by intelligent risk-management insights that data experts can easily interpret. This will allow experts to source, categorise, and handle security threats without delay.

Also Read: Adding AI to Supply ChAIn

Also, the big data analytics programs help data experts foresee the class and intensity of cybersecurity threats, the tools allow the use of current and historical data to get statistical understanding.

According to experts, infrastructure penetration testing gives an insight for business databases and processes and helps keep hackers at bay. Penetration testing has become an essential step to protect IT infrastructure and business data.

Penetration testing involves five stages — planning and reconnaissance, scanning, gaining access, maintaining access and analysis and Web application firewall (WAF) configuration.

This test enhances the fortification of a process by improving WAF security policies. Periodic penetration tests can help ensure that an enterprise’s analytics program is working perfectly and efficiently.

To increase the security around big data, businesses must also consider collaborating with other industry peers to create industry standards, and to share best practices, use attribute-based encryption to protect sensitive information shared by third parties, secure open source software and maintain and monitor audit logs across all facets of the business.

Big data analytics holds enormous potential — it has the capacity to transform the field of cybersecurity. Only with the use of the power of big data analytics, organisations can enhance cyberthreat-detection mechanisms.