Big Data analytics for security – Barclays Group Security Function CIO Elena Kvochko on taking a holistic data-driven approach to cyber security

Nearly everything that we do as individuals and everything that happens in an enterprise context generates data. Companies have expanded their digital presence and are able to reach more stakeholders with the same amount of effort. New platforms are being used to deliver services and products that weren’t previously considered. Almost half of the world’s population is online, and it has become commonplace that every business is a technology business. To support this growth, there is an increasing need for innovative security strategies, Big Data analytics, and collaborative environments.

[See also: Barclays CSO and CISO roles merge – Chief Information Security Officer Troels Oerting on future threats and board support]

Over 50 years ago, Pablo Picasso said: “Computers are useless. They can only give you answers.” Today, we have a much wider application and adoption of computers. From stationary cash dispensing machines to portable mini computers that we carry on our pockets – computers are everywhere. With the advancement of Big Data analytics, answering questions can be done in real time and is always available. What is still hard is asking the right questions. And finding the correct questions that are based on human intuitions will not be a trivial matter for our cybersecurity industry. As we look for questions and answers on how to protect enterprises, we have to turn to our data and analytics using critical and algorithmic thinking. And here we need imagination and collaboration.

While digitisation has brought a lot of new opportunities to expand companies’ businesses and collect massive amounts of data, it has also brought many challenges to companies to protect their assets as well as their stakeholders. Technology advances in recent years have shifted developers, IT operations, and security analytics from more traditional back-office roles into the front-line as data becomes a strategic asset for the organisation to increase revenues, lower costs, and solve complex problems, such as, fraud detection, improve cyber security, and analyse time series and metrics data in real-time.

The internet has given rise to crime-as-a-service since modern crime is low risk and brings high returns. Consequentially, almost all attacks against institutions now have a ‘cyber dimension’, in which technology is used as an outright attack vector. As a result, enterprises are adopting new technologies, practices, and policies that allow them to protect themselves across channels and utilise all the data they collect in real-time to secure existing systems. It is important for companies to enable a defence that focuses on data and methods that provide maximum possible protection for minimal possible costs. Companies need to make sure that cybercrime stops being profitable by enabling products that help to make it cheaper to defend than to attack.

To address this, in our view, information security should be integrated with physical security and other security-related divisions in global companies in order to see security in a holistic way. There is a need to establish an intelligence-led defence resting on adequate cyber hygiene, physical and cyber security controls, with the ability to detect and react to the right ‘signals’. In our view, companies should focus not on notions, such as ‘information’, ‘cyber’, or ‘physical’ describing security, but simply focus on the core: to deliver ‘Security’.

Enterprises should invest in technologies that provide the following when they are under attack:

• Enable an analytics engine that can handle any volumes of structured and unstructured data in order to have a better view of events, see patterns, identify correlations, and visualise events in real time.

• Enable a holistic perspective of their assets.

• Log monitoring in real time: Monitoring jobs and activities across the organisation to identify and alert problems in real-time.

• Visualisation of traffic and performance: Understand the trends can lead for better planning and optimisation.

What makes defending enterprises difficult is that companies often operate in silos. Teams only have the visibility of the data they collect and they process. In this case, collection of data only gives you a local perspective. Therefore, events happen in isolation, and a global perspective is impossible to achieve prompting enterprises to try to compensate with manpower or improved communication efforts in the absence of data and systems integration.

It is in the best interest of all industries to collaborate to secure cyberspace since cybersecurity is highly interdependent. Since attacks are commonly performed by compromised systems, regardless of how secure an enterprise may be, our susceptibility to attacks depends on how well secured the rest of the internet is.

Elena Kvochko is CIO, Group Security Function, at Barclays having joined the bank in 2015 as Head of Global Information Security Strategy and Implementation