Many are referring to the Ashley Madison leak as one of the worst acts of cyber crime to have ever taken place, with devastating consequences on a personal level for nearly everyone involved. It even has the potential to destabilize entire nation states, with people in positions of power on the list open for blackmail - either by those seeking money or by security services looking to leverage the information for intelligence. The leak has already caused at least two suicides and will likely lead to multiple divorces and broken families.
For the finance industry, cyber crime on this scale is nothing new. The main motivations for hackers are money, protest, and simply proving that they can do it. Banks fill the brief on all these fronts.
The volume of attacks and the devastating consequences that they can have mean that their systems must always be at the cutting edge, but despite heavy investment, they have still often been found lacking. John F. Kennedy once said that ‘if anyone is crazy enough to want to kill a president of the United States, he can do it.’ Which, other than being oddly sexist, also applies to today's cyber threat landscape. There is no way, in the current climate, that companies are able to prevent determined adversaries from getting into their systems. According to an FBI official quoted in The USA Today, more than 500 million records have been stolen from US financial institutions over the past year as a result of cyber attacks, with the average consolidated total cost of a data breach now $3.8 million according to IBM - up 23% on 2013.
Big Data Analytics could, however, provide a solution for finance companies. Brendan Hannigan, general manager at IBM Security, has claimed that, ‘with the rate, pace and sophistication of cyber-attacks continuing to grow exponentially, security has become a big data problem. Real-time analytics are required as the foundation of today’s security strategy.’ The International Institute of Analytics (IIA), meanwhile, has predicted that Big Data analytics tools are set to become the first line of defence - bringing together machine learning, text mining and ontology modelling that can provide holistic and integrated security threat prediction, detection, and deterrence and prevention programs.
Securely authenticating who is coming into the network is the primary issue facing companies’ IT security, as is the identification of anomalies that occur in the network in real time. Once in, though, hackers can spend months at a time in companies' systems undetected, with perimeter-based defences often responsible. Government cybersecurity professionals estimate that cyber threats exist on government networks for an average of 16 days. According to the “Go Big Security” report, underwritten by Splunk, 61% of government cybersecurity professionals say they could better detect a breach already in progress using Big Data and analytics, 51% say they could improve their monitoring streams of data in real time, 49% say they could conduct a conclusive root-causes analysis following a breach.
The increasing reliance on Big Data for dealing with threats is being recognized, and firms like Rapid7, a provider of security analytics software and service are getting heavy investment from VCs. FBR Capital Markets has predicted a 20% increase in ‘next-generation cybersecurity spending’ in 2015, and financial organizations looking to defend their data should be looking to adopt it if they want to stay ahead of those looking to infiltrate their systems.