Companies and public entities are taking unprecedented measures to prevent data breaches. But what happens once the system has been penetrated?
Companies and governments are allocating significant resources to data security. However, with data breaches becoming increasingly commonplace, we are faced with questions about how to handle the situation. Analytics enables us to identify abnormal events before significant damage is inflicted.
In the era of the industrial internet, the role of data security has become more vital than ever before. Digitalisation is reaching all areas of our daily lives, with not only computers and mobile devices connected to the internet, but household appliances as well. Data security should keep up with the development of connectivity.
Without any protection, a device connected to the internet can be infected within minutes. The need to protect information has inflated the sector, and there is no shortage of service providers.
Network providers offer hardware-based data protection solutions, while software companies provide protection against constantly evolving viruses and malware.
Despite all these layers of protection, even large companies are under constant threat. For example, the network of the Ministry for Foreign Affairs of Finland was spied on for years. Cyber-attacks can cause significant financial losses as well as damage to reputation.
Firewalls and data protection software are extremely important. Nevertheless, regardless of how strict the security measures are, someone can still breach the system. Even in cases where the protection is not breached, there may be a user within the system doing something they should not be doing.
According to a Ponemon Institute report, up to 35 per cent of all data breaches go completely unnoticed. This is why companies should apply proactive analytics in order to immediately detect any abnormal network traffic within their systems.
Network traffic analysis helps minimise damages
Analysis of an organisation's own network should begin by recognising normal behaviour and then looking for any deviations from it.
If, for example, the accounting department's system is visited by various workstations in the middle of the night, alarm bells should be ringing. Without monitoring and real-time analysis, such abnormalities can only be discovered after the damage has been done, by reviewing logs.
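The baseline-then-deviation approach described above, sketched as an added example that is not part of the original article: it learns which workstations reach each system and at what hours, then flags a system contacted outside those hours by several workstations it has never seen. The host names, record layout and two-source threshold are assumptions, and all flow records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed flow records: (timestamp, source workstation, destination system).
BASELINE = [
    ("2024-03-04T09:10:00", "ws-acct-01", "accounting-db"),
    ("2024-03-04T13:20:00", "ws-acct-02", "accounting-db"),
    ("2024-03-05T16:40:00", "ws-acct-01", "accounting-db"),
    ("2024-03-04T10:05:00", "ws-sales-07", "file-server"),
    ("2024-03-05T02:15:00", "ws-hr-03", "file-server"),
]
LIVE = [
    ("2024-03-06T09:30:00", "ws-acct-01", "accounting-db"),   # known source, known hour
    ("2024-03-06T02:14:00", "ws-sales-07", "accounting-db"),  # unseen source, night
    ("2024-03-06T02:20:00", "ws-hr-03", "file-server"),       # matches its baseline
    ("2024-03-06T02:31:00", "ws-hr-03", "accounting-db"),     # unseen source, night
    ("2024-03-06T02:40:00", "ws-dev-11", "accounting-db"),    # unseen source, night
    ("2024-03-06T03:05:00", "ws-dev-11", "file-server"),      # only one new source
]

def build_baseline(flows):
    """Learn, per destination, which sources connect and in which hours of the day."""
    profile = defaultdict(lambda: {"sources": set(), "hours": set()})
    for ts, src, dst in flows:
        profile[dst]["sources"].add(src)
        profile[dst]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profile)

def detect(flows, profile, min_new_sources=2):
    """Return {destination: [sources]} for systems contacted outside their usual
    hours by at least min_new_sources workstations absent from the baseline."""
    suspects = defaultdict(set)
    for ts, src, dst in flows:
        known = profile.get(dst)
        if known is None:
            continue  # no baseline for this system yet, nothing to compare against
        hour = datetime.fromisoformat(ts).hour
        if src not in known["sources"] and hour not in known["hours"]:
            suspects[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in suspects.items()
            if len(srcs) >= min_new_sources}

if __name__ == "__main__":
    for system, sources in detect(LIVE, build_baseline(BASELINE)).items():
        print(f"ALERT {system}: off-hours access from new sources {sources}")
```

In practice the baseline would cover weeks of traffic and be evaluated continuously as records arrive, not over a fixed batch.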
Typically, a system is breached by infecting one machine, which is then spied on in order to discover user IDs and passwords. Slowly, the attackers gain access to another machine or server, while mapping the system and the type of information contained within it.
This type of snooping can be stopped by network analysis, preventing any major damage.
However, it is essential that the analysis is carried out quickly and in real time. Data moves within networks so rapidly that human monitoring is practically impossible, which is why machines are relied upon for analysis. At the same time, we have to adopt the mentality that data security is also the concern of the management, not only the IT department.
Many modern companies operate entirely within the digital spectrum, and a cyber-attack can have potentially catastrophic consequences. With the evolution of digitalisation, security and data traffic monitoring have become a key part of strategic operations in some of the more traditional sectors as well.
One salient example of this approach is the position of Chief Digital Officer, which many companies have implemented in their management groups. Such positions will undoubtedly increase in the near future.
SAS has prepared a white paper listing 8 keys to cyber security.