Cybersecurity and Data Analytics: Double Dipping on Two Hot Trends

IT used to be simple. Well, maybe simple is the wrong word – IT has always needed highly skilled people to operate hardware and write applications – but at least it was simpler than it is today. For a long time, the vast majority of IT pros were focused heavily on infrastructure, with cybersecurity folded in as part of these responsibilities. A few companies had people writing software, but most firms just bought what they needed.

Today, the situation is much more complex. Infrastructure is still a huge focal point, and many more companies have invested in software development, especially for websites and mobile apps. In addition, two other fields have emerged as standalone disciplines for many organizations:

1. Cybersecurity requires dedicated focus as businesses are concerned with securing critical digital assets.
2. Data is quickly coming into its own as companies aim to pull value out of all their information.

CompTIA’s whitepaper on A Functional IT Framework describes the breakdown of these four areas in more detail, and it also describes how their overlaps create opportunities for knowledgeable IT pros.

In the whitepaper, the overlap between cybersecurity and data was presented as the need to directly secure data, which has become more important in a cloud world that doesn’t have secure perimeters. There’s another way to view the overlap, though – the application of data analysis techniques to cybersecurity operations.

At the Intersection of Cybersecurity and Data Analysis

The field of data may be the youngest standalone discipline among the four IT pillars, but it’s certainly getting a lot of attention. The tools for managing and analyzing data have become much more powerful, and companies want to use their data to understand the past, make good decisions in the present and predict the future. So how does this fit in with cybersecurity strategies?

To start, it’s important to understand that cybersecurity analysis means different things to different people. As businesses were beginning to form cybersecurity teams, they typically used the title cybersecurity analyst to describe someone focused purely on cybersecurity operations. This person may not have actually been doing much data analysis in the way we think of it now.

As data analysis techniques are becoming more widely adopted, cybersecurity analytics is seen as a more advanced field straddling the line between cybersecurity and data. IT pros covering many aspects of cybersecurity may now have titles like cybersecurity engineer or cybersecurity specialist.

Moving forward, cybersecurity analysis will be the next step in defense. Until recently, cybersecurity strategies focused on defending against outside threats, typically in the form of a strong secure perimeter. Companies are now adding more proactive tactics like penetration testing, and they are also improving their defenses since it’s become clear that bad stuff can get in from many different vectors.

The Future of Cybersecurity Analysis

Taking the next step requires a deeper level of knowledge and expertise. Instead of simply monitoring a network for known attacks, a cybersecurity analyst needs to understand the type of behavior that might signal a new attack.

It’s important to understand data patterns, especially as data is traveling between cloud providers and corporate sites. It’s also important to understand user patterns, especially as more workers continue working from home or seeking other flexible working arrangements.

Cybersecurity Analysis Skills

Some of the key skills that a cybersecurity analyst might have include the following:

• Threat intelligence: The types of threats that could compromise a network have grown from malware and viruses to ransomware and supply chain attacks. Once hackers infiltrate a network, they can sometimes stay for long periods undetected. Knowing the different types of threats and how they might appear within a network is the first step to detecting any problems.
• Intrusion detection and response: While intrusion detection systems may lean a little more toward the type of tool that flags known attacks, they are still a good tool for any cybersecurity analyst. The more important part of the equation is response: What do you do once something has been detected? The answer involves understanding root cause, determining the extent of the breach and taking the necessary steps to repair damage.
• Risk analysis: Especially when dealing with potential breaches as opposed to confirmed attacks, cybersecurity analysts must be able to communicate the level of risk. Any response carries a cost, and companies can’t afford full-scale responses to every anomaly. Cybersecurity is becoming a business imperative, and this means building a financial case for action (or inaction).
• Data modeling: Finding strange behavior on the network requires an understanding of normal behavior. As artificial intelligence and automation are being used more heavily for cybersecurity, these tools require datasets and models for the algorithms to work. Past performance isn’t always a perfect indicator of future results, so knowing how to build and adjust models is an advanced skill that can pay dividends.

CompTIA’s State of Cybersecurity 2021 found that two primary forces are impacting the cybersecurity space. First, in terms of the overall economy, people aren’t seeing much improvement in the overall state of cybersecurity. Attacks are coming faster than ever and finding new ways to wreak havoc. Second, employees are feeling less satisfied with their company’s cybersecurity strategy.

With technology playing such an important role, cybersecurity practices need to be up to date. IT pros who can leverage skills in both cybersecurity and data analytics will be in a prime position to help their organizations move forward in these turbulent times.

CompTIA Data+ covers the data analytics skills you need for cybersecurity. Start studying with CompTIA CertMaster Learn + Labs for Data+. Sign up for a free trial today!