By Vincent Berk, Vice President, Chief Architect Security, Riverbed Technology

In 2020, Data Hoarding is Out and Cyber Hunting is In

Artificial Intelligence faces a “put up or shut up” moment as companies put the technology’s capabilities to the test.

For some companies, the proliferation of the cloud and its immense data storage capabilities have become double-edged swords. As the flood of data has become more of a deluge, some organizations have become "data hoarders," collecting anything and everything. That includes information that doesn't necessarily help the business grow.

Big Data Gets Riskier in 2020

Sure, big data can deliver tremendous business value. But organizations are beginning to recognize that some of the data could also be a liability and that holding on to it for no apparent reason puts the organization at risk unnecessarily. The risk of sensitive client data being breached, for example, could have a substantial impact on a company's bottom line, especially as consumer data protection laws such as CCPA, which is coming down the line in 2020, continue to emerge.

It's easy to say that a solution to the data deluge will be found in Artificial Intelligence (AI) and Machine Learning (ML) - two of the most overhyped buzzwords in the industry today. But in 2020, the AI/ML hype will face some "put up or shut up" moments as it's forced to show how it can deliver real-world value for companies struggling to identify which data points are business critical and which ones expose  companies to unnecessary risk.

Consider how many commerce sites use customer data to analyze shopping and spending habits to make recommendations on other products that customers might like. Keeping data about the brands, colors and styles that customers prefer can help online retailers push other products that their customers might like - a value-add. But holding on to credit card or shipping address data, for example, could create risk for both the company and the customers if that data is breached.

If the technology can determine, for example, whether customers abandon a shopping cart because they're forced to enter their credit card number for every transaction, it allows the retailer to weigh the business value of keeping that information against the potential risk it creates.

Cyber Hunting Will Become Mandatory for Organization's Security

But understanding which data points are valuable and which ones are risky is only one concern. In 2020, we will see an increase in the number of "advanced persistent threats" (APT) - sophisticated, systematic cyber-attack programs that are often orchestrated by a group of skilled hackers and not only continue for an extended period of time, but also do the most damage. If an organization doesn't take proactive steps to combat these threats, the potential damages are unlimited.

As networks for organizations have grown, they have started to resemble the Roman empire - big, sprawling and hard to defend. And although static defenses slow down casual attacks, the APT will find a way to penetrate and organizations will be forced to fight them on their home turf.  

Since a skilled adversary rarely trips the detectors, organizations will increasingly be forced to hunt proactively for them through a tactic known as "cyber hunting," the process of proactively and iteratively searching networks to detect and isolate advanced threats that evade existing security solutions.

As hackers become smarter and find new evasive ways to infiltrate a network, organizations in 2020 will begin adopting the proactive cyber hunting approach to complement traditional reactive threat management approaches of installing firewalls, intrusion detection systems and SIEM systems.

In closing, as more data becomes available to organizations, the business decisions get tougher. Using data to grow customer loyalty and expand sales is certainly valuable. But protecting those same customers by being smart about the data that's being stored is also business critical. Expect organizations in 2020 to start holding technologies to their promises so they can determine the security measures - and data retention policies - that are best for them.

##

About the Author

Vincent Berk is Chief Security Architect at Riverbed and is responsible for setting the vision and strategy for networking solutions in the cyber security space. Berk joined Riverbed through the acquisition of FlowTraq, an enterprise security analytics company where he served as founder and CEO. Previously, Berk taught computer science at Dartmouth College. He has a Ph.D. in machine learning and large scale data analytics from Leiden University and holds several patents in the application of large scale data analytics in cyber security.