'Analytics key to stopping cyber attacks' - Websense's Alex Watson
Director of security research argues analysing big data for anomalies will be key to protecting organisations from cyber attacks
Organisations should employ big data and analytics in the fight against cyber crime in order to remain as secure against hackers and other cyber criminals as possible, a security expert has told Computing.
Alex Watson, director of security research for Websense, also warned that human error is still responsible for a significant proportion of cyber security breaches.
"The technological approach that security is taking to detect these threats needs to change," he said. "I think the key to stopping these targeted attacks is by using analytics and searching for anomalies."
Watson suggested that intelligent systems could draw on their power to calculate what's going on within the network, enabling the early detection of cyber threats by alerting users to abnormalities, even if the issue is a previously undetected, completely new type of malware.
"You don't exactly know what it is at first, but increasingly intelligent systems can put together the fact we saw a possible exploit attempt, a bunch of application crashes happening on a network.
"So putting together these different risk indicators to build a picture of an attack is really how the next generation of security systems will function," Watson explained.
Fundamentally, the process would involve detecting unknown cyber criminal activity through the digital fingerprints left on the system, with big data enabling organisations to analyse information in order to determine potential threats.
And while Watson acknowledges the process could be difficult for some organisations to adopt, he argues that analytics will be an essential tool in the fight against cyber crime.
"It's a very tricky process but very necessary. It's something that's critical to organisations, especially once they're likely to be targeted," he said, adding that high-profile cyber attacks - like that against US retailer Target - demonstrate how vital it is to improve cyber defences.
Watson added that as much as organisations can protect themselves against outside threats, human error within a company - such as an employee visiting a malware-infected link in a phishing email - still represents one of the most significant threats. As a result, he argued, rigorous training needs to be put in place.
"The human factor often ends up being the most readily exploitable part of a network structure, so I think awareness and training are an important first step," Watson said.
"The reason those exploits are successful and are still successfully exploiting the human factor, is that security systems right now are built around protecting the perimeter with boundary-based defences.
"So when someone inside the trusted network clicks a link in an email, basically what they're allowing are the attackers to completely bypass that," he concluded.