A series of massive data breaches last year put cybersecurity firmly in the public eye. The risk to organizations is great, and is constantly growing. The 2015 Cost of Data Breach Study by IBM and the Ponemon Institute found that the average total cost of a data breach rose from $3.52 million in 2014 to $3.79 million, and it is affecting everyone. As FBI director James Comey noted, there are two kinds of big companies in the United States: those who have been hacked, and those who don’t know they’ve been hacked.
The simple truth is that threats evolve too rapidly for most cybersecurity systems to keep pace, and the ever-growing amount of data that companies hold (50% annual growth) is only increasing the challenge. The Internet of Things promises to exacerbate this growth even further, bringing with it an explosion in the number of data points. This explosion brings with it many positives, providing a great resource for organizations to learn from. However, it is also more data that organizations will have to defend from those who seek to steal and abuse it.
Companies need to narrow the gap between when an attacker gets into their network and when the company launches a defense. In its latest Data Breach Investigations Report, Verizon found that almost 80% of attackers took just days to infiltrate their targets, yet only a third of companies managed to detect the attacks within the same time frame.
The central problem is that security professionals are inundated with millions of security events. According to IBM’s 2015 Cyber Security Intelligence Index, companies experienced an average of 81 million security events in 2014. According to FireEye data, the average large enterprise generates over 12,000 security events per second, nearly a billion events every day. These include such incidents as people in two different geographic locations attempting to log in to a system. Humans simply don’t have the ability to process data on this scale. The obvious solution is to automate the analyst's role and the response to incidents, and cognitive computing has great potential for helping to achieve this.
Cognitive computing is a computerized model that simulates human thought processes. It is fundamentally AI that uses data mining, pattern recognition and natural language processing, drawing on both supervised and unsupervised machine learning techniques. This means that, unlike the static systems currently in place, it evolves as threats evolve, learning from data in real time to identify previously hidden patterns and anomalous behavior. By doing this, it can anticipate changes to the cyber landscape, and pinpoint and disrupt unknown threats as they arise. It can also identify the many, many false positives that the data throws up, building a profile of the normal ‘pattern of life’ for an employee or company and flagging up deviations that could indicate that a system is compromised.
According to Grady Summers, Senior Vice President of Cloud Analytics for FireEye, a security technology and services company, this year will see cognitive computing come of age in security. A number of companies are already starting to apply cognitive systems in the area. Texas-based Spark Cognition, for example, has developed a cognitive system that helps secure electrical grids from terrorist attacks, while IBM has also developed a system of its own. It appears to be a matter of time before cognitive computing is a mainstay as a cybersecurity tool. Where human analysts fit into this, time will tell.