The Importance of Data Science in Cybersecurity: Insights from Steve Magowan

The advancement of technology has led to the development of new tactics and methods for cyberattackers, making data protection and cybersecurity more critical than ever before. To improve their cybersecurity strategies, organizations are turning to data science. In episode 81 of The New CISO, Steve Moore welcomes returning guest Steve Magowan, VP of Cybersecurity at Blackberry, to discuss the importance of data science in cybersecurity and how it can be used to protect revenue today.

In this article:

• The benefits of data science in cybersecurity
• The caveats of data science in cybersecurity
• The importance of communication
• Using data to lower friction with security
• The current landscape of security threats
• Conclusion

The benefits of data science in cybersecurity

Data science plays a critical role in a company’s cybersecurity strategy by providing a better understanding of the environment, leading to more effective threat response. Data science can help organizations detect and respond to threats quickly, identify patterns and anomalies in data, and provide actionable insights that can be used to improve security measures. By analyzing data from various sources, including network logs, endpoints, and cloud services, data scientists can gain a comprehensive understanding of an organization’s security posture and identify patterns and anomalies that may indicate potential threats or vulnerabilities. Data science can also be used to create predictive models that can help to anticipate future threats and mitigate them before they occur. 

As Magowan says, “Data science is the science of risk management — taking the data available to you and translating that into risk management by identifying the threats and vulnerabilities to the organization, and then taking that data and turning it into intelligence.”

The caveats of data science in cybersecurity

While data science offers significant benefits, it is not without its challenges. One of the most significant challenges is the volume and complexity of data involved. Security teams desire a “single pane of glass” view of security data, but that’s difficult to achieve due to the complexity of security data. “The idea that you’re going to get every piece of security information you want presented through one single pane of glass is a concept that you work towards, something you strive for to bring things together. You’ll never get it perfect. You’ll never get everything in one pane of glass, but you try to mesh and amalgamate data,” Magowan says. “Quite often, you get disparate systems that were designed by different people at different times, and you need to bring data all together into a usable solution,” he continues.

Magowan also highlights that data scientists spend 90% of their time on “anger management,” dealing with the frustration of managing different data formats and sources. “Data quite often doesn’t cooperate, and you can get yourself into a situation where you’ve invested a great deal and just can’t make the data do what you want it to do,” he says.

The importance of communication

Effective communication is crucial when it comes to implementing a data science-driven approach to cybersecurity. Magowan emphasizes the importance of communicating expectations and setting realistic goals with senior executives. “Having a realistic understanding of what can be accomplished and what can’t be accomplished at the senior executive level and setting those expectations correctly is critical.”

Using data to lower friction with security

Data science can be used to lower friction in business processes to make interaction with security easier. Magowan believes that data science can help security analysts and incident responders more effectively respond to threats. He recommends auditing all tooling against the MITRE ATT&CK^® framework and mapping solutions to problems. By doing this, organizations can ensure that they’re solving all the problems in the ATT&CK framework with the tools they own. Magowan also mentioned that this approach has allowed him to optimize the effectiveness of his security program and realign his entire budget and software arsenal.

The current landscape of security threats

Organizations need to be more vigilant in their cybersecurity efforts because, as Magowan notes, “attackers are becoming more sophisticated. They’re using artificial intelligence, machine learning, and automation to conduct their attacks.”

Organizations must also be aware of the threats that come from within. Insider threats, whether they be from a malicious insider, compromised insider, or negligent insider, can be just as dangerous as external threats. To combat this, Magowan stresses the importance of educating employees and implementing policies and procedures to prevent accidental or intentional breaches.

Conclusion

Data science plays a critical role in the success of a cybersecurity program by providing organizations with the tools and insights they need to protect themselves from cyberthreats. By using data-driven approaches, organizations can identify threats, detect anomalies in real time, and even anticipate future threats before they occur. With careful data management and a methodical, data-driven approach, organizations can use data science to protect their revenue and stay ahead of emerging threats. As Magowan states, “your job is to enable business outcomes and protect business revenue. All of the technical things you do are for that purpose.”

Listen to the Podcast

For more insights from Steve Magowan, listen to the full episode or read the transcript.