As hospitality and gaming organizations have become increasingly dependent on technology to conduct their operations, they face a growing threat in the form of attacks on information systems. These attacks can take multiple forms: theft or damage to hardware and software as well as attacks on the information contained in these systems, normally in the form of data breaches, but also in the form of disruption to the services that these systems provide.
Like any service industry, hospitality and gaming is built on customer perception. Service organizations need to ensure that all aspects of a guest’s or patron’s stay are excellent; this also extends to the security with which you handle your guests’ personal information. A guest data breach runs the risk of escalating your company into the headlines; however, these breaches occur a lot more frequently than is indicated by the headlines alone.
According to a recent Duke University/CFO Magazine Global Business Outlook survey [1], 80% of US companies indicate their systems have been successfully penetrated. And, the attacker’s “dwell time” once inside the organization’s network is frequently measured in months, not minutes. Sadly, according to the Enterprise Management Associates (EMA) report “The Evolution of Data Driven Security”, 69% of organizations feel only “somewhat confident” up to “highly doubtful” they could detect an important security issue before it had a significant impact. In fact, the majority of organizations are informed of data breaches by third parties.
The reason? Over time, attackers in the network increase their information advantage over the organization. The attackers learn more about the network—where sensitive data resides and/or how best to cause disruption—while their tracks get further buried in the billions of network events and hundreds of security product alerts that the IT security team must act on. It’s likely that attackers trip multiple alerts while they are probing your networks, but these alerts get lost in the volume of data that describes network traffic and activity.
Data breaches and disruptions caused by cyber attacks can have a significant negative impact on a hospitality and gaming organization’s profitability, brand reputation, compliance status and ability to compete in the market. Organizations are investing millions of dollars in cyber threat prevention and detection systems to increase their responsiveness to cyber threats and reduce the risk of data breaches and business disruptions. However, detecting potential attacks is not without its challenges.
Alert saturation and wasted efforts. The “dump data now, analyze data later” model is inefficient and too time-consuming, given the volume of data and shortage of security talent. While your IT security team struggles to manage the volume of alerts, attackers could be leisurely probing your network.
Time to detect threats. The volume of data to interrogate creates a circular problem. The longer it takes your IT security team to identify abnormal network behavior, the greater the attacker’s advantage becomes. It’s easy for the IT security team to become overwhelmed while investigating the number of alerts, some of which can be faulty or irrelevant. By the time you have identified the patterns of an attack, an attacker can have a significant information advantage over your network’s operations.
Limitations of rule-based approaches. Keeping rules current to the attacker’s latest tactics can be challenging. You can’t detect new, advanced or evolving threats if you haven’t already accounted for them in your rules. And with rule-based approaches, the volumes of alerts make it difficult to prioritize those that need to be actioned first. Under these conditions, it is only possible for your IT security team to focus on reacting to attacks in progress versus proactive deterrence of attacks.
Skilled and experienced security talent is in high demand. The shortage of such security talent has reached critical levels. With the frequency and severity of cyber attacks increasing, it’s more important than ever to ensure your security teams stay engaged and focused. And don’t forget your first line of defense – your employees. Cyber security awareness needs to be the priority of every team member who accesses your network.
What hospitality and gaming companies need is a comprehensive approach that quickly processes the “big data” of network events, identifies and flags unusual events and allows cyber security threats within the network to be detected accurately. With malicious activity increasing and a critical shortage of security talent, many organizations are turning to analytics with the hopes of identifying network threats quickly, effectively and efficiently. However, some analytic platforms have limited ability to process the volume, variety and velocity of daily network events in a timely manner and to deliver accurate results in a consumable manner for incident response teams and security leadership.
Every attack leaves traces, however subtle, in your networks, devices and application logs. The key to identifying those traces and proactively fighting cybercrime is being able to analyze the vast amount of network activity over time. Identifying and fighting cyber attacks is a classic big data problem, and like many big data problems, valuable insights can be gained by using advanced analytics.
Advanced analytics identifies normal behaviors and patterns of network entities – servers, workstations and users – so it can spot when a network entity steps outside its normal range of behavior. For example, a user connecting with IP addresses overseas or sending packets of information during off hours might be a sign the user’s account has been hacked. When used in combination with correlation (i.e., several suspicious events happening at once), analytics can also classify, or score, alerts based on priority.
When evaluating your analytic approach to cyber security, you should consider the following:
Understand your normal patterns first. What does normal network activity look like? How does activity vary by time of day and day of week? Which servers or workstations are meant to interact with each other and when? By mining historical data, analytics creates a profile for how your various network entities normally behave. Based on a given profile, analytics can then quickly detect if a behavior varies from the norm. Understanding typical activity can make it much easier to spot abnormal patterns and investigate on a timelier basis.
Use all of the data available. In the past, storing and processing all of the interactions across your networks would have been too costly for most hospitality and gaming companies to consider. This is not the case today. Storing and accessing data has become faster, cheaper, scalable and most importantly more flexible. Grid computing, in-memory and in-database processing have greatly increased the “speed to results” time for analytics. These advances have put large scale cluster computing and analytics designed to filter through data rapidly within the reach of most hospitality and gaming organizations.
Fine-tune your alert processes. False alerts are common when using business rules-based alert systems. Some of these false alerts may be caused by attackers who are trying to understand what level of alert will trigger an action from your organization. In many cases these critical alerts are being lost in the volume of alerts that your IT team needs to process on a daily basis. Behavioral analysis can help alleviate this issue. By reviewing patterns of activity, analytics can dramatically reduce the number of alerts, allowing your IT team to only focus on critical alerts.
Leverage analytics in real-time. By using real-time predictive and behavioral analysis, hospitality and gaming companies can identify immediate threats to their data security, fast. As patterns are evaluated in real-time, additional insights can be fed back into analytical models, ensuring that your detection approach evolves as your attackers’ techniques do.
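The profiling and alert-scoring approach described in the points above, as an added Python example that is not part of the original article: it learns a per-entity profile from historical events, then scores each new event by how many deviations coincide, so correlated anomalies rank first and in-profile activity raises no alert. The event fields, entity names, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (entity, hour_of_day, destination_country, bytes_sent)
HISTORY = [
    ("frontdesk01", 9, "US", 1200), ("frontdesk01", 10, "US", 900),
    ("frontdesk01", 14, "US", 1500), ("frontdesk01", 16, "US", 1100),
    ("pos-svc", 2, "US", 40000), ("pos-svc", 3, "US", 42000),
    ("pos-svc", 2, "US", 39000), ("pos-svc", 3, "US", 41000),
]
NEW_EVENTS = [
    ("frontdesk01", 11, "US", 1300),    # within profile
    ("frontdesk01", 3, "US", 1000),     # off hours only
    ("frontdesk01", 3, "ZZ", 250000),   # off hours + new country (placeholder code) + spike
    ("pos-svc", 2, "US", 40500),        # night-time batch is normal for this entity
]

def build_profiles(history):
    """Learn each entity's usual hours, destinations and observed byte counts."""
    profiles = defaultdict(lambda: {"hours": set(), "countries": set(), "bytes": []})
    for entity, hour, country, sent in history:
        p = profiles[entity]
        p["hours"].add(hour)
        p["countries"].add(country)
        p["bytes"].append(sent)
    return profiles

def score_event(profiles, event, hour_slack=2, volume_factor=5):
    """Return (score, reasons); each deviation adds 1, so correlated ones rank higher."""
    entity, hour, country, sent = event
    p = profiles.get(entity)
    if p is None:
        return 1, ["no baseline for entity"]
    reasons = []
    # Circular distance on a 24-hour clock to the nearest hour seen in the baseline.
    if min(min(abs(hour - h), 24 - abs(hour - h)) for h in p["hours"]) > hour_slack:
        reasons.append("off-hours activity")
    if country not in p["countries"]:
        reasons.append("new destination country")
    if sent > volume_factor * max(p["bytes"]):
        reasons.append("volume spike")
    return len(reasons), reasons

def prioritize(profiles, events, min_score=1):
    """Drop in-profile events and sort the rest by score, highest first."""
    scored = [(score_event(profiles, e), e) for e in events]
    alerts = [(s, r, e) for (s, r), e in scored if s >= min_score]
    return sorted(alerts, key=lambda a: a[0], reverse=True)

if __name__ == "__main__":
    for score, reasons, event in prioritize(build_profiles(HISTORY), NEW_EVENTS):
        print(score, event, reasons)
```

The same 3 a.m. hour that flags the front-desk account is normal for the batch service, which is why the profile is kept per entity rather than as one global rule.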
Cyber security is a high-level concern for the executives of many companies regardless of industry. C-level executives and Boards of Directors are taking greater interest in security, as they become concerned that they will be the next company to be featured in the headlines. Chief Information Security Officers are concerned because they know that most of their networks have been successfully penetrated and attackers are able to hide inside for months without detection. Today, being able to predict and evaluate complex events as they unfold is critical. Analytics gives you the ability to process and get insight into huge volumes of disparate data, making it the perfect method for staying ahead of cyber crime.
Analytics can provide a more strategic approach to cyber threats, providing an essential layer of cyber defense by heightening the intelligence of your existing security infrastructures. Compared with traditional cyber security methods and efforts, leveraging big data and behavioral analytics allows hospitality and gaming companies to improve their situational awareness and information security. Implementing analytics can help hospitality and gaming organizations to better understand what, when, why and how threats can potentially have an impact on an organization, and how they can determine the most appropriate action to meet the challenges ahead.
[1] Tight Labor, Lax Security. (2015, July 16). Retrieved September 9, 2015, from http://ww2.cfo.com/global-business/2015/07/tight-labor-laxsecurity/?utm_source=twitter&utm_medium=social&utm_content=Oktopost-twitter-profile&utm_campaign=Oktopost-July Editorial 2015
Natalie Osborn is senior industry consultant for SAS Institute’s Hospitality and Travel practice, and an 18+ year veteran of hospitality and hospitality technology solutions development, specializing in analytics and revenue management. Prior to joining SAS, Natalie was the director, product marketing for Minneapolis-based IDeaS Revenue Solutions, where she worked from 2000 to 2011. She is a frequent contributor to industry publications, speaker at industry conferences and is co-author of the SAS and Cornell Center for Hospitality Research blog, “The Analytic Hospitality Executive.”