1 + 1 = 3: The data multiplier in cybersecurity
September 10, 2020
In cybersecurity, many challenges are data challenges. So it makes sense to get the most possible value out of your data. That’s where we need to look for data multipliers in cybersecurity.
Frequently in life, the whole is greater than the sum of its parts. For example, I am a fan of both peanut butter and chocolate, but the day that peanut butter truck crashed into that chocolate truck the world became a much better place.
Another example: Nicolas Cage is always fun to watch, and who doesn’t love Sean Connery? Put them together in ‘The Rock’ and boom! Movie magic. Same with Danny DeVito and Arnold Schwarzenegger in ‘Twins’. Great movie examples of 1 + 1 = 3 (or adequate, depending on how much you like Nicolas Cage, though I’ll not see a bad word written about Danny DeVito).
But when it comes to data, you can argue that 1 + 1 can be much more than 3.
The data multiplier at work
A few years ago I remember watching a television special about a very large retailer that spent a lot of time and money tracking and storing data generated by people shopping in their stores (this was before the privacy concerns of data mining that we struggle with today). They also tracked external data points like the weather. By combining multiple, and seemingly unrelated, data points they were able to reveal some interesting facts.
In one example, they noticed that in a certain region of the country there was an increase in sales (I think it was by 15%) of a certain flavor of waffle (I think it was strawberry) whenever the temperature dropped by a certain number of degrees. It didn’t necessarily make logical sense, but it was clearly what the data revealed. So, whenever the forecast for that area called for a drop in temperature, extra (strawberry) waffles were loaded onto a supply truck for delivery to the relevant stores.
Sales data + weather data = happy waffle consumers
When it comes to cybersecurity…
This type of data multiplier comes in extremely handy in a cybersecurity environment.
My colleague recently wrote an article about a notable data breach in which hundreds of millions of customer records were compromised, noting the idea of Business Risk Perspectives (BRP), i.e. providing business context to security data. It came down to a previously discovered vulnerability not being given the priority it warranted: the vulnerability turned out to be on a system that contained customer Personally Identifiable Information (PII). BRP is a great example of the whole being greater than the sum of the parts. By combining vulnerability data with business context, you create much more value than either provides individually and get a powerful, actionable output: a more effective way to prioritize the plethora of vulnerabilities in your organization.
Vulnerability data + business context = prioritization
Another example could be something like a user who keeps failing phishing tests. Alone, that information may make for a good ribbing at the watercooler.
“Hey Bob, click this!”
But what if you can combine that data with information about the machine Bob uses, which it turns out has a few unpatched vulnerabilities on it? And then add some data about the fact that Bob works in the department that handles customer data. Then add the fact that Bob only has one form of anti-malware on his device, even though your security policy dictates that serial clickers must have at least two forms of anti-malware installed. Now it is pretty much 1 + 1 + 1 + 1 = 11 (I think that is what they were thinking about in ‘Spinal Tap’ by the way).
This is the true power of data when it comes to maintaining a world-class cybersecurity posture. All the data is there and available; the difficulty is putting it all together in the right place.
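The Bob scenario above, written as a small join across data sources. This is an added example, not code from the article or from Panaseer; the data sets, device names, and the threshold of three failed tests for a "serial clicker" are constructed assumptions.

```python
# Constructed sample data: each dict stands in for the export of a separate tool.
PHISHING_FAILURES = {"bob": 4, "alice": 0, "carol": 3}            # phishing-test platform
ASSETS = {                                                         # asset inventory
    "LT-001": {"owner": "bob", "department": "customer-services"},
    "LT-002": {"owner": "alice", "department": "customer-services"},
    "LT-003": {"owner": "carol", "department": "facilities"},
}
UNPATCHED = {"LT-001": ["VULN-A", "VULN-B"], "LT-002": ["VULN-C"]}  # vulnerability scanner
ANTI_MALWARE = {"LT-001": ["av-1"], "LT-002": ["av-1"], "LT-003": ["av-1", "edr-1"]}
CUSTOMER_DATA_DEPARTMENTS = {"customer-services"}                  # business context

SERIAL_CLICKER_THRESHOLD = 3   # assumption: the article does not define "serial clicker"
REQUIRED_ANTI_MALWARE = 2      # the policy described in the article


def correlate():
    """Join the sources per device and list every risk factor that applies."""
    findings = []
    for device, asset in ASSETS.items():
        owner = asset["owner"]
        factors = []
        serial_clicker = PHISHING_FAILURES.get(owner, 0) >= SERIAL_CLICKER_THRESHOLD
        if serial_clicker:
            factors.append("repeatedly fails phishing tests")
        if UNPATCHED.get(device):
            factors.append(f"{len(UNPATCHED[device])} unpatched vulnerabilities")
        if asset["department"] in CUSTOMER_DATA_DEPARTMENTS:
            factors.append("department handles customer data")
        # The policy applies only to serial clickers, so no single source can evaluate it.
        if serial_clicker and len(ANTI_MALWARE.get(device, [])) < REQUIRED_ANTI_MALWARE:
            factors.append("policy violation: fewer than two anti-malware tools")
        # A device missing from the endpoint feed is a coverage gap worth surfacing.
        if device not in ANTI_MALWARE:
            factors.append("no anti-malware data for device")
        if factors:
            findings.append({"user": owner, "device": device, "factors": factors})
    # Most overlapping factors first: the prioritization that the join makes possible.
    return sorted(findings, key=lambda f: len(f["factors"]), reverse=True)


if __name__ == "__main__":
    for f in correlate():
        print(f"{f['user']} ({f['device']}): " + "; ".join(f["factors"]))
```

Carol also fails phishing tests, but with no unpatched vulnerabilities, no customer data and two anti-malware tools she ranks last, which none of the four sources could show on its own.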
How Continuous Controls Monitoring can be the multiplier
Funny how often it comes back to Continuous Controls Monitoring – the new category that we at Panaseer have been pioneering for the past five years. Continuous Controls Monitoring can be the data multiplier in cybersecurity, by getting all that data, providing that context, and multiplying the value and understanding of that data.
In a webinar on this subject, I spoke about Continuous Controls Monitoring more broadly and how it can act as the force multiplier for the existing security tools in your organization. We looked at a few key questions: What is CCM and how does it work? How can you get started with CCM? What are the benefits to the organization?
We looked at how CCM can highlight and help to remediate gaps in your controls to reduce the likelihood of control failures; provide a complete and accurate inventory of entities; tell complex stories of the entities in your estate; and provide increased confidence in the data used to answer regulatory requests.