Splunk 2013: Top enterprise cyber security 'appalling' - former NSA CIO/CTO

Dr Prescott Winter tells Splunk 2013 big data is key to upping poor cyber security among big business

Former National Security Agency (NSA) CIO and CTO Dr Prescott Winter believes that many large organisations don't know what they're doing when it comes to cyber security and as a result defences against hackers and cyber attacks are "appalling".

Winter, who spent 27 years at the NSA and is now managing director of security services firm The Chertoff Group, made the comments as part of his keynote at Splunk Worldwide User's Conference 2013 in Las Vegas. He used the keynote to discuss how big data is changing cyber security.

He warned that there's still a long way to go in the fight against hackers and cyber criminals, even among top businesses, many of which, he told the audience, still leave themselves vulnerable to attack because of poor security practices.

"As we look at the situation in the security arena at the Chertoff Group, we see an awful lot of big companies - Fortune 100-level companies - with, to be perfectly candid, appalling security. They have fundamentally no idea what they're doing," said Winter, who argued big data has a role to play in improving this.

"My appeal to you is that there are ways we're about to protect these enterprises and they involve both a risk management approach and then the enrichment of that risk management approach via applying big data."

The increasing prominence and scale of cyber attacks, Winter said, demonstrated that "there's clearly a need" for the use of such techniques in order to improve the chances of the enterprise winning the cyber security battle.

"You don't have to read the papers to see what's going on. We're seeing threats to critical infrastructure," he said, referring to cyber attacks on power systems and transport.

"We've seen a gradual evolution and a significant increase in the danger levels of threat, moving from reputation smearing and website defacements to all kinds of theft, money obviously being the biggest one with bank account and credit card fraud," Winter continued.

"But an enormous amount of intellectual property is being taken as well, more than anybody can calculate or begin to make sense of, that then has moved into various kinds of DDoS attacks."

Winter referred to the "wake-up call" represented by cyber attacks against Estonia in 2007 "when a highly internet-dependent country was brought to its knees", he said, adding: "We continue to see heavy assaults on banks and the big institutes in the USA."

According to the former NSA CIO, the best way for business to protect their assets is to take a risk management approach, taking advantage of the analytics capabilities offered by big data.

"We do a lot of security assessments at the Chertoff Group and our view is in order to protect your enterprise - which is possible despite all the doom and gloom - we think that this integrated cyber security ecosystem, which is a real asset-based, business-driven, risk management approach, is an effective way to protect your enterprise," Winter explained.

He added that big data is the key factor, as it allows an organisation to determine what assets and information need most protection.

"Big data is the thing that makes the risk management approach work, it's being able to see enough of your enterprise with enough information that you can actually understand what's going on.

"Risk management requires that you see the assets that you determine to be the most important and that you're able to align those assets with business outcomes. What's your enterprise trying to do? Which assets if compromised would spell disaster to a major business line?" he said.

Winter said proper analysis of data - and at speed - is crucial when it comes to the enterprise securing itself from outside cyber threats.

"It's a serious issue and one of the things that's so critical in this is to begin to understand what's happening in the enterprise and being able to move with speed through the analysis of lots of data to be able to provide the confidence your senior officers and executives need," he said.