Data Science vs. Security: Where's the Synergy?
Is it Time to Focus on Data Science to Secure Against Fraud?
The security industry is trying to bring about synergy between data science and information security, as most security leaders believe that predictive indicators evolved from data science can identify new emergent risks before they result in significant losses, while helping security teams deal with alert overload.
Looking at the conglomeration of security, fraud and compliance professionals at the Data Security Council of India's Best Practices Meet in Bangalore on June 23, I also tend to believe that, although data science and analytics are still nascent, they will play a major role in helping security teams build necessary cyber defences with their ability to transform massive amounts of data into actionable intelligence.
Drawing parallels between data science and security to fight future threats requires a concerted effort, as does leveraging data science innovations in developing an incident response mechanism.
"The timing is apt, as existing data science technologies are being re-christened for application in detecting anomalies in the network to identify various kinds of fraud," says Sudeep Das, Principal Security Consultant at RSA.
Data Science/InfoSec Themes
While the DSCI event commenced with workshops on privacy for startups, protecting against cyberattacks with threat-centric security, and cybercrime incident response management, CXOs and senior security decision makers were exposed to interesting themes around data science and how to leverage it for better security.
A panel discussion on how to weave data science into helping solve issues of safety, security, fraud and crimes - with use cases on data science for enterprise security, public safety and law enforcement - brought out intricate details of how the tools could be used to detect fraud in varied scenarios.
Panel speaker Parag Deodhar, CISO, APAC, at Bharti Axa General Insurance Company Ltd. says, "The insurance sector has petabytes of customer data to be secured and also structured, so we use data science technologies in streamlining the data and have algorithms to detect anomalies in the data structure."
The entire security industry is abuzz with talk that current data scientists are future cyber warriors. Against this backdrop, it's important to understand why security is a key attraction for data scientists. The theme around "Dialog with Data Scientists" rightly fits into this trend, enabling practitioners to see the synergy.
A panel discussion on building global threat intelligence capability brought in real-time insights on how and why global security providers have set up threat intelligence centers to thwart cyberattacks.
Thought leaders have had hands-on experience generating data and working on various sets of data, segregating them into various buckets of predictive and prescriptive modes for security practitioners to align data based on vulnerability.
Practical Data Science Defences
Sanjay Sahay, Additional Director General of Policy, Karnataka Police, one of the speakers at DSCI's summit, candidly said, "Our capability to control the world or our organization depends on our understanding of the malware, hackers and vast variety of hacking tools and their behavioural patterns."
Whether the goal is understanding adversaries, dealing with false positives or interpreting these in a fathomable fashion, it is advisable to understand data clustering and classification techniques for distinguishing bad data from good data that security teams can subscribe to.
Today's practitioners need a platform addressing fraud challenges. The challenge is not about data availability, but the big data framework's ability to handle data volume, analyze its quality, respond to incidents in real time, prioritize data and build fraud-detecting expertise.
Handling huge volumes of data from multiple sources in a speedy manner and collaborating across teams are concerns that most organizations face. Addressing these requires a change in mind-set and willingness to use new technology.
This points towards a need for continuous monitoring and tools that have self-learning capability to keep up with the ever-changing face of fraud.
Experts recommend the threat modelling approach to analyse application security and safeguard data against threats; security needs to be designed as per the required algorithms.
Gartner believes poor quality of data costs organizations dearly and that governance issues also arise due to poor data management, resulting in huge risks. Chief data officers, digital risk officers and security heads will manage data as part of business operations (See: Gartner: Digital Risk Officers on Rise).
In my opinion, enterprises should have the right framework, a fraud control and anomaly detection platform, which can help detect leakage and monitor all points of control failure related to authorization access and transmission for IP theft and protecting IP.
A correct architecture combined with data analytics will offer prioritization of identified anomalies, facilitating early investigation and proactive detection of potential fraudulent practices.
What's your take on this?