This post was written by Karen Terrell, Vice President, SAS Federal
According to the Identity Theft Resource Center, there have been 57 data breaches of government and military agencies in 2015, putting at risk nearly 40 million records. Unfortunately, the attacks will continue to happen, growing in frequency, severity and impact unless agencies employ better technologies to bring big data into the fight against cyber criminals.
Big data makes a big difference
Technologies used to monitor for cyber attacks generate a high volume of alerts from different and largely unconnected systems. It is impossible to analyze all of these notifications manually or in a timely manner without exhausting valuable resources. Irrelevant security alerts and false positives inundate analysts to the point that many of the alerts become meaningless. A better approach is to prioritize the high-risk alerts, enabling data analysts to do what they do best – apply context to the information to better understand the data, including what it means, why they should care and what they should do about it – essentially finding the real threats.
A lot of agency data exists in complex and siloed data sets. Analytics can help break down those silos and look across the data to find anomalies that could indicate a breach. Integrating data helps agencies proactively build baseline behavior profiles for everyone – employees, contractors, clients – on every device in the organization. These baselines make it possible to flag behaviors that are out of the ordinary, such as unusual data movement between systems or account holders acting abnormally. By applying big data and predictive analytics to an organization’s cyber defense strategy, agencies can more easily recognize patterns that represent network threats – allowing for a faster response and minimizing, or preventing, the impact of a potential breach.
That’s great, but there’s another threat to agencies’ cyber defenses.
It’s all about the skills
New technologies have driven a democratization of analytics, putting the power of big data in the hands of decision makers and non-technical audiences. That’s a positive development, but it doesn’t eliminate the need for data experts who can handle data quality challenges, apply analytics strategically and interpret results in the context of the organization.
To respond more effectively to the rapidly evolving cybersecurity landscape, agencies must increase their attention to, and investment in, a skilled analytics workforce. After all, it takes the right kind of people analyzing the results and creating the queries to understand what the raw data means and what to do with it. Without these skilled individuals, agencies are fighting an uphill battle against more sophisticated cyber threats.
Agencies cannot capitalize on their operational and performance data if they don’t have a skilled workforce capable of extracting knowledge from the data. Unfortunately, federal agencies fall short in turning their data into insight due to a critical workforce skills gap. Many agencies lack the data and analytic skills to analyze complex data sets and convey the story the data is telling to decision makers.
The creation of Chief Data Officer positions throughout government is a positive signal of a commitment to growing the federal analytics talent pool. The technology is there to turn the tide in the cyberwars. However, if we do not do all we can to fill the federal workforce data and analytics skills gap, the US government will continue to leave itself vulnerable to cyber attacks.