Dr Hugh Thompson, CTO at Symantec, argued that analytics will be key to progressing and advancing cybersecurity.
In his keynote presentation at RSA Conference 2017 Asia Pacific and Japan in Singapore on July 26 2017, Thompson presented the case for how analytics can improve performance and happiness in various walks of life. “Connected devices are a part of everything we do; we generate, enrich and codify data at a scale that is unfathomable. We need to work out how we can draw from that data to make better decisions”, Thompson said.
“We talk about analytics, especially in this space, in a cold, surgical way. It’s big data and machine learning and AI. But if analytics is applied to the right problem, it can make a massive and very personal difference, an important societal difference.” As a result, Thompson said, “we need to think inspirationally about what analytics can do because it could be transformative to how we work and live.” He asked the audience to consider what cybersecurity could look like if the sector was as successful with analytics as other industries have been.
“When we think aspirationally about what analytics can do, it can do much more than simply automate some of the mundane tasks we do.”
When we think about IoT security holistically, said Thompson, “the fundamental question comes down to ‘can we drive a quality of product in IoT that has reasonable cyber-hygiene and can people make choices of those products based on utility and risk?’”
What might IoT security look like in a few years? “What if my mum could look at a device and see data - much like the information you get on food labels - and make a decision, based on security, about whether she wants to introduce it into her environment?” The label could catalogue some of the sensory elements of the device, its energy consumption, how it connects to things around it and the kinetic aspects of the device. “From a security perspective, we would want to understand if the device is securable and if there’s a mechanism that can be used to plug into a framework, monitor it, use behavior graphs, to see if the device is suddenly behaving in a very different way.”
“In the future, if we get really good at analytics, an incident is the identification of potential energy for an attack. It’s not finding an attack that has already occurred; it’s identifying the conditions that will make an attack likely.” We would therefore get better at identifying these potential attacks and preventing them, said Thompson.
Another advantage of good analytics is the ability to use flexible technologies that truly adapt around a human being and change as that person’s context changes. This would enable different technical propositions for work and home risk decisions, for example.
Dis-economy of Scale:
“Today’s security is a dis-economy of scale”, announced Thompson, explaining that often it is perceived that the more humans that are part of the company and network, the more people that can make mistakes, and the worse off you are. “If we get good at analytics, however, security becomes more like a neighbourhood watch. You’re better off with more neighbours in the real world – more people monitoring the environment, thus increasing security.” In the digital world, “we can empower users in the eco-system to tell us and confirm to us things they are doing at a moment in time. We can ask questions (see figure 1) and they can confirm, deny, or raise the alarm.”
Thompson argues that the industry needs to make individual users allies in the fight for cybersecurity. Use and harness your people to raise security”, he argued.
In closing, Thompson acknowledged a lot of great work in security analytics, but insisted there is a long way to go. “I’d encourage you to rethink the art of the possible and how we should measure ourselves against where we should be compared to where other fields are in this space already.”