Microtech Plus

When it comes to security, data is the best defense

The state of computer security is not pretty. Every week reveals a new data breach or ransomware assault, and the cost of those incursions is skyrocketing: about $4.24 million per incident, up 10% from 2020, and about $401 million for a mega breach at a large corporation.

While study after study shows that digital data is under relentless attack from all sides, few companies are confident they could thwart an attack when one lands.

Why the disconnect? The old way of thinking about security (stronger locks, higher walls) is outdated and ineffective. “When defending an organization, too often we just focus heavily on tools, technology, and reactive scenarios,” said T.J. Campana, Managing Director Group Head of Global Defense and Chief Technology Officer at HSBC, the multinational bank. “But the security business is a data business. And the data always has a story to tell us.”

The quality of security, he added, is proportional to the information that can be distilled from petabytes of data that endlessly flows through company networks. That means “empowering people to get the right insights, in the right way to quickly prevent, detect, and respond to threats, wherever and whenever they occur,” said George Webster, Executive Director of Global Cybersecurity Science and Analytics at HSBC.

If a big organization is made up of tens of millions of parts that must click together seamlessly, security keeps those seals tight. Data gathering, analytical tools, and human intellect work together as one. This involves fusing the data science and security operation departments, creating an enhanced relationship that results in better defenses, insight into the security posture of the organization, and the ability to respond at the pace of the adversary.

But working across years of data at petabyte scale is not an easy task, especially when “a long time” is measured in minutes and the adversary is constantly working against you. To put this in perspective, the security teams at HSBC ingest every day ten times the amount of data contained in all of the books in the US Library of Congress, and must process months, if not years, of data at a time. That is where innovative design, smart people, and leveraging the right technology come into play. “We have to break the paradigm of the tool being the end goal of defense and instead view the tools as an enabler of our people,” said Webster. “It is always about the people,” chimed in Campana.

HSBC broke with the common security paradigm by adopting the big-data processing stack of Azure Databricks. In many ways Databricks’ open-source Delta Lake storage layer is the key enabler, with Apache Spark as the engine. Delta Lake lets these teams structure, optimize, and unlock data at scale, while Spark lets multiple complex programs crunch through that data in parallel. This enables HSBC’s security teams to constantly evolve their defenses, create new capabilities at pace, and perform investigations that were previously impossible. When a new threat emerges, the bank doesn’t have the luxury of waiting for the security market to identify, respond, and mitigate. Instead, the bank turns to its people and creates what is needed at breathtaking speed.
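As an added illustration (this is not HSBC’s or Databricks’ own code, and it does not describe HSBC’s actual pipeline), the following Spark SQL sketch shows the pattern the paragraph above and the “signals in the noise” hunting described later both rely on: land authentication logs in a Delta Lake table partitioned by day, compact and co-locate the data so a hunt across months of history reads only what it needs, and then run one anomaly query, a successful login from a country never seen for that user during the preceding 90 days. The schema `sec`, the table `auth_events`, its columns, the dates and the inserted rows are all hypothetical, constructed for this example.

```sql
-- Added example, not HSBC's or Databricks' code. Schema, table, columns and
-- rows are hypothetical and constructed for illustration.
CREATE SCHEMA IF NOT EXISTS sec;

-- 1. Land raw authentication events in a Delta table. Partitioning by day means
--    "process months of data at a time" is a scan of the relevant partitions,
--    not a read of the whole table.
CREATE TABLE IF NOT EXISTS sec.auth_events (
  event_ts    TIMESTAMP,
  event_date  DATE,
  user_id     STRING,
  src_ip      STRING,
  src_country STRING,
  outcome     STRING   -- 'success' or 'failure'
) USING DELTA
PARTITIONED BY (event_date);

-- Constructed sample rows; a real pipeline streams these in continuously.
INSERT INTO sec.auth_events VALUES
  (TIMESTAMP '2021-09-01 08:02:11', DATE '2021-09-01', 'u1001', '203.0.113.5',  'GB', 'success'),
  (TIMESTAMP '2021-09-02 08:05:40', DATE '2021-09-02', 'u1001', '203.0.113.5',  'GB', 'success'),
  (TIMESTAMP '2021-09-30 23:39:52', DATE '2021-09-30', 'u1001', '198.51.100.9', 'RU', 'failure'),
  (TIMESTAMP '2021-09-30 23:41:07', DATE '2021-09-30', 'u1001', '198.51.100.9', 'RU', 'success');

-- 2. Compact small files and co-locate rows by user (Delta Lake OPTIMIZE / ZORDER)
--    so that a per-user hunt over a long window can skip most of the files.
OPTIMIZE sec.auth_events ZORDER BY (user_id);

-- 3. The hunt: for each user, build the set of countries they successfully
--    logged in from over the 90-day baseline, then flag any successful login on
--    the day under review from a country outside that set (or from a user with
--    no baseline at all).
WITH baseline AS (
  SELECT user_id, collect_set(src_country) AS known_countries
  FROM sec.auth_events
  WHERE event_date BETWEEN DATE '2021-07-02' AND DATE '2021-09-29'
    AND outcome = 'success'
  GROUP BY user_id
),
today AS (
  SELECT user_id, src_ip, src_country, event_ts
  FROM sec.auth_events
  WHERE event_date = DATE '2021-09-30'
    AND outcome = 'success'
)
SELECT t.user_id, t.src_ip, t.src_country, t.event_ts
FROM today t
LEFT JOIN baseline b ON t.user_id = b.user_id
WHERE b.user_id IS NULL
   OR NOT array_contains(b.known_countries, t.src_country);

-- 4. Delta records every commit, so an investigation can query the table as it
--    stood at an earlier version (here: the state right after the INSERT).
SELECT COUNT(*) AS rows_at_v1
FROM sec.auth_events VERSION AS OF 1;
```

The `OPTIMIZE ... ZORDER BY` step is what the text’s “structure, optimize, and unlock” role for Delta Lake looks like in practice: Delta’s per-file statistics let Spark skip files that cannot contain the user being hunted, so the baseline join reads a small fraction of a large table. The final `VERSION AS OF` query uses Delta’s table history so an analyst can rerun a detection against the data exactly as it was when an alert fired, rather than against whatever has been appended since.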

It’s an essential function for HSBC, which needs to continually think about how to keep more than 40 million customers in 64 countries and territories safe. Taken together, it’s an all-brains-on-deck moment with data and people guiding the ship. It’s also a tall task for a company as massive and multifaceted as HSBC. Headquartered in the UK, it is one of the largest global banks (total assets: a whopping $2.968 trillion), with business operating across Africa, Europe, Asia, and the Americas. It’s also the largest bank in Hong Kong and even prints some of the local currency, which bears the HSBC name.

The bank’s cybersecurity approach involves fusing the data science and security operation departments, creating an enhanced relationship that results in more efficient threat discovery, rapid development of operational use cases and AI models. This enables the continuous creation of capabilities that stop adversaries before they even start. “We have to get out of the mindset that security is a walled garden,” said Webster. “We must create truly collaborative environments for our people to enable the business to operate,” said Campana.

Staffing this symbiotic power center will be someone Campana optimistically calls “the analyst of the future”, a description that covers both mindset and skill set: threat hunter and data scientist.

In addition, when another organization is hit by cybercrime, HSBC analyzes the incident to understand how it would have responded itself, and then improves its defenses accordingly. That’s in contrast to the industry norm; a Ponemon survey revealed that 47% of organizations have not assessed the readiness of their incident response teams. That means the first time they test their plans will be at the worst possible time, in the middle of a cyber attack.

The proactive approach is a far cry from the old reactive conveyor-belt model of security, in which alert tickets were received from tooling and processed in a slow, linear way. Today, cross-disciplinary security teams don’t just react; they continually search for the signals in the noise, the tiny aberrations that indicate something’s not right, and send up red flags in real time. “We’re scanning hundreds of billions of signals per day. I cannot wait; we need situational awareness right now,” said Campana.

That increased speed is critical for threat assessment. Information theft may be the most expensive and fastest-rising consequence of cybercrime, but data is not the only target. Core systems are being hacked in a dangerous trend to disrupt and destroy. Regulators are also increasingly asking banks to show the controls they have in place to detect and preempt financial crimes. That’s where big-data tooling like Delta Lake and Spark shines, and where it will continually be called on to address the security needs of new initiatives.

“Digital security is about organically adjusting to risks,” said Webster. “It’s a journey of continual discovery with one central goal: to protect customers. They want things easy and they want them quick. It’s our job to make sure that it’s secure.”

This story was produced by WIRED Brand Lab for Databricks.