Cyber threats are constantly evolving, meaning attackers are always one step ahead. Cybersecurity data science offers a new hope. However, realizing the benefits of these methods will require focused investment. This is a conclusion reached by Scott Mongeau in his PhD dissertation "Cybersecurity Data Science: Best Practices in an Emerging Profession", which will be defended at Nyenrode Business University on December 4th, 2020.
“We are already in a cyber cold war”, according to the PhD candidate. “My research observes that hostile countries and criminal networks are already utilizing machine learning to stage attacks. We will need to apply these same methods to defend. Detecting and counteracting threats through analytics and machine learning requires focused research.”
“To realize effective data-driven defense, organizations must invest in the orchestration of people, processes, and technology”, the PhD candidate concludes. “This trinity cannot be treated in isolation. If we wish to arm ourselves against the risks of increasingly sophisticated cyberthreats, we must accept and commit to the costs involved.”
“Structured planning is required to realize data-driven defense.” Mongeau's advice is to start by examining where data-driven cyber defense already works well. “A simple example is filtering for phishing emails. Popular email platforms already use machine learning to detect and filter out dangerous emails from your inbox. The same methods can be used to identify suspicious network traffic and device behavior.”
Mongeau emphasizes the urgency of embracing data-driven security: “While data science is a popular topic, best practices for realizing the benefits are lagging. The field of cybersecurity data science has emerged in the last three years. However, the methods are already being adopted by adversaries. We are already seeing the effects, for instance in the automation of fake news and misinformation campaigns. We can expect to see increasingly sophisticated attacks utilizing machine learning and AI.”
“The risks will evolve and expand. The risks relate not only to digital infrastructure, but physical infrastructure, health, and safety. Consider, for example, water management, healthcare, and traffic control. As the digital world increasingly manages the physical world, we must be increasingly cautious concerning digital defense. By investing in research and development for cybersecurity data science we can defend national interests and improve preventative measures.”