There is no shortage of reasons for consumers to fear identity theft. Online shoppers, senior citizens, and even the deceased are vulnerable to financial loss and the protracted process of restoring damaged credit scores.
But risk also is rising for the businesses that manage customer data. A total of 69 percent of executives responding to a recent survey by McKinsey and the World Economic Forum expect the sophistication and speed of attackers to increase faster than their companies’ ability to defend against attacks. According to one executive with a pharmaceuticals company, “[The attackers] need to get lucky once and have the ability to evolve so rapidly. Our large company just isn’t agile enough to match [their] pace.” Customer trust, reputation, and revenue are on the line.
There are no easy answers. But as identity thieves continue to break defenses, enterprises need to go on offense. Those that use analytics to spot and stop unusual behavior are best positioned to minimize harm to their customers, partners, brand, and assets.
As with other aspects of analytics, this means taking advantage of the three V’s of big data: Volume, Variety, and Velocity. Enterprises already are investing in software to correlate data points with behavior-tracking algorithms. But they often neglect to create the underlying data infrastructure that can truly capitalize on the three V’s.
Here are some recommended best practices.
Financial institutions, online retailers, and other digitally driven businesses need to stay on top of millions of events. This requires an infrastructure that can scale rapidly and store high volumes of records. Databases traditionally serve as the system of record for transactions. New platforms such as Hadoop can host copies of these transactional records, as well as mountains of social media posts and other data points that help connect the dots of criminal activity. High data volumes provide detail – for example, extensive historical records can yield new insights or increase certainty that a certain actor has malicious intent. With data volumes doubling every two years, organizations need to continue to process data at scale and cost-effectively.
The variety of data types increases risk, given the all the personal information and points of attack that smartphones, Facebook posts, and other new data streams offer to identity thieves. But data variety also gives credit agencies and financial service firms more potential clues as they hunt for malicious behavior. They must monitor checking and savings accounts, credit cards, social security numbers, and the thousands of websites that illicitly buy and sell this information. They also can track social media posts to locate suspects and track their activities. Enterprises in all industries must constantly look for clues like this in new places.
But finding a few needles in all those haystacks is difficult. It means building scalable platforms that can ingest many types of structured, semi-structured, and unstructured data. Because most enterprises have more than one data repository, they must invest in data movement tools that support all the major relational database management system, data warehouse, cloud, and Hadoop platforms. They cannot afford to wait on manual coding to integrate new datasets or delay updates with slow batch loading, because the thieves are moving too fast.
Cybercriminals can wreak havoc quickly. To stay on top of threats, enterprises need to study the necessary data points in real time. In the area of Extract, Transform, and Load software, change data capture technology enables real-time analytics by instantly relaying updates from source to target without unnecessarily recopying unchanged records. The difference between millisecond updates and hourly batch loads can translate to thousands of dollars, or more, in damage for a given customer and, by extension, the vendor that was compromised.
I am an example of the power of real-time analytics. I once dropped my wallet in a beach parking lot in northern California and, after two hours of surfing, discovered that I had been robbed. My bank, recognizing that the thief’s first debit card transaction was out of character for me, shut down the transaction and called me with an alert. But my credit card company wasn’t watching. It needed me to point out to them that it wasn’t me who racked up a month’s worth of transactions in one morning, all at unfamiliar vendors. My bank lost no money, and the credit card company lost $3,000.
And, just as important as the other V’s of big data, an extra V is Vigilance. Employees at all levels must assume responsibility for being watchful and flagging suspicious behavior, in no small part because insiders are a big part of the problem. Rogue employees, insufficient training, poorly communicated security policies, and human error all combine to increase risk.
To instill a culture of vigilance, top executives need to mandate that all employees follow clear security policies, and enforce them with data usage policies and controls that are specific to individual roles. The most sensitive data should be protected with end-user role-based access controls, and the usage of this data should be closely monitored.
This war on cybercriminals will never see a decisive battle. But the right data management tools can give us the upper hand in each skirmish and help turn the tide.
Kevin Petrie is a technology marketing leader at Attunity, with 20 years’ of experience in high tech, including marketing, big data services, strategy, and journalism. He is a frequent speaker and blogger, and has published recent articles in various technology publications. He is a bookworm, outdoor fitness nut, husband, and father of three boys.
Subscribe to Data Informed for the latest information and news on big data and analytics for the enterprise.