A recent report from the U.K.-based Information Security Forum reports that data volumes are growing at 2.5 million terabytes a day. That is a daunting growth pace, but the additional data enables companies to better understand and manage their risk/reward balance in cyberspace, protecting customers’ information, a critical aspect of managing the customer experience, according to San Francisco, Calif.-based Cloudmark, a firm that provides security solutions.
The ISF researchers found that despite the huge potential for big data analytics in information security, it is still immature and under-used, with only half of organizations using some form of analytics for fraud prevention, forensics and network traffic analysis. Less than one-fifth were using analytics ensure data integrity or check data classification.
“The report by the Information Security Forum underscores the role big data analytics has in reducing security risks,” said Mary Landesman, Cloudmark senior security researcher. “Big data analytics is not only capable of helping to reduce security threats, it plays a fundamental role in doing so.”
Using big data analytics to comb transactions and communications is essential in recognizing security breach attempts and protecting against intrusions, a critical factor for any company in the e-commerce space, Landesman said. “Protecting the data has to go further than just adding another layer of software. That might have been alright in the past, but not in modern times. Security cannot be passive in nature. You have a lot of online data that you can use to analyze to see if anything illegal (e.g., attempted hacks) is being attempted that is indicative of potential vulnerabilities. You have to understand what is anomalous and hone in on those for further investigation.”
This is particularly crucial when dealing with customer transactions due to regulatory and PCI standards, Landesman said. “There are a lot of compliance standards about how you protect the privacy rights of customers.”
Beyond those standards, there is also the issue of reputational risk and lost business if a company does suffer a breach, Landesman added. “I don’t think anyone blames a company that has advanced security – breaches will happen. But if it was very easy for attackers, customers and shareholders will be a lot more critical. There could be [immediate] financial losses and the company could be sued.
“Another issue is how the company handles the notification in the event of a breach. Breaches do occur. Companies that recognize that will have an action plan in place,” Landesman said.
Customers have the right to expect that any company handling sensitive information will have adequate security precautions in place, Landesman added. “There are an ample number of companies providing security products and services. You have to make sure that your systems are not vulnerable to attack.”