Today it takes on average 146 days to detect a malicious attack in an organization’s environment, reflecting the lack of cybersecurity expertise. Before discovery, vast amounts of information may have been stolen and entire infrastructures infected and hacked.
In 2016, over 3 billion records were publicly leaked worldwide, including sensitive data. These breaches could undermine relationships between organizations, citizens, partners and other stakeholders. In the same year, 87 percent of organizations reported at least one cyberattack. With cyber threats expected to grow in size, frequency and complexity, the annual global cost of cyber crime could rise to around $6 trillion by 2021.
The digital threat landscape continues to evolve. In the constant struggle against time, effective cybersecurity management needs a shift in paradigm. This means a move from the traditional, in-depth cybersecurity model, based on multiple layers of protection, to a new model based on supercomputing and automation that mine and interpret data from previous threats to prevent future attacks. This new model is called prescriptive security.
How does prescriptive security work?
It brings together two key technology building blocks.
Analytics and machine learning
Cyber crime can be reduced by using supercomputing to learn from historical data, and by putting preventative algorithms in place based on this learning:
- Firstly, a data lake powered by high-performance storage and analytics software makes it possible to collect, aggregate and access high volumes of data.
- Then, prescriptive security analytics integrates all key elements in the company’s security environment (from the Internet of Things, operational technology and information technology) and leverages threat intelligence gathered outside the organization (like the surface web, the dark and deep web, social media and partners’ feeds) to proactively block upcoming cyberattacks.
- By analyzing structured and unstructured data, behavioral and contextual profiles are developed to protect against current and future threats. Indeed, attacks can be stopped before they start by using the data collected to develop notions of what’s next and by extending the scope of data collection (hunting outside the organization as well as inside) to preserve a state of readiness.
When threats are detected, a response must be instant. Prescriptive security minimizes the need for human intervention by using automation to expedite a clean-up, not only resolving the threats but also analyzing their root causes and protecting against them in the future.
A prescriptive security operations center’s automation process instructs the security components it controls to adapt and recover from threats. These components hunt for threats upon detection and eliminate them.
Prescriptive security can optimize an organization’s cybersecurity resources and free them from spending valuable time detecting threats and acting on them retrospectively. This means that cybersecurity teams can focus their resources elsewhere. Using this model also enables organizations to apply data analytics across complex, global IT architectures to detect, isolate and solve threats in real time.
The pace of digital change will never be as slow as it is today and data volumes will grow exponentially. What we see as ‘big data’ today will appear dwarfed in just a few short years. By 2020 there will be more data than grains of sand on the planet. New digital innovations and opportunities will continue to emerge. The success of this digital revolution will depend on how quickly and efficiently cybersecurity evolves to counter increasingly complex, rapid and aggressive threats as they occur. This is essential to protect every institution susceptible to attack, from multinational enterprises and central governments to smaller companies and local government agencies.