Could Big Data Fix Government’s Cyber Problem?
A majority of federal, local and state cybersecurity professionals polled in a new study believe their organizations are “overwhelmed” by the volume of security data.
According to a new study, the U.S. government’s IT leadership believes hackers permeate infected networks for an average of 16 days before detection.
For a sophisticated intruder, 16 days is an eternity to sniff around and ferret out data, manipulate log files and generally wreak silent havoc. The study, released today by Virginia-based public-private partnership MeriTalk, found a majority of 302 federal, local and state cybersecurity professionals believe their organizations are “overwhelmed” by the volume of security data.
Because of this, approximately 75 percent of those polled feel their security teams are “reactive instead of proactive.” In other words, more often than not, security teams are responding to attacks rather than actively attempting to prevent them.
The study points to “big data analytics” as a potential savior to cybersecurity strategies across government, with 86 percent of those cybersecurity professionals polled stating “big data would significantly improve” their organizations’ cybersecurity posture.
Now, employing big data as a tool in a cybersecurity arsenal is not as simple as flipping a switch.
In the context of cybersecurity, “big data” is really a blanket term for technologies that monitor network traffic and produce large streams of data that can be analyzed by computers, not humans.
Big data is beginning to play a larger role in cybersecurity, but it’s nowhere near the norm: Only 28 percent of respondents today are leveraging big data in their cybersecurity strategies. With it, 61 percent of respondents say they “could better detect” a currently occurring breach and more than half believe they could monitor data streams in real-time.
One such example, the National Security Agency, is in the midst of “Snowden-proofing” its systems with a brand-new enterprise architecture in its GovCloud that will employ real-time analysis of its security log files. Soon, NSA analysts won’t have to rely on manually reviewed log files to ascertain analyst behavior -- they’ll be able to do it in real-time. But it’s taken many years, a black budget -- for national security purposes, the public isn’t privy to NSA’s budget -- and lots of top-down push.
Yet, considering how many federal agencies were owned last year and the plethora of other high-profile private sector breaches occurring with increasing frequency, it only makes sense the government’s cyber pros want more options.
It’s not just the growing frequency of threats that irks them, either: Approximately 70 percent say their organization is already overwhelmed by the security data they collect from vulnerability scans, VPN and other logs. What’s more, 78 percent say “at least some” of this collected data goes unanalyzed at any point.
All that leads to one chilling conclusion: “Nine out of 10 cyber pros say they cannot tell a complete story with cybersecurity data.”
If Kevin McCallister looked at the government’s cybersecurity picture, you know what he’d say.