I’ve been a huge fan of data analytics in computer security for a long time, including dozens of my columns over the last 12 years at CSOOnline and InfoWorld. Fan probably isn’t a strong enough adjective. Stalker is probably closer.
As a 30-year computer security consultant, I’ve watched nearly every company I work for ignore the data in front of their eyes to pursue a defense that will never, ever keep out malware and hackers. For example, I would tell them they need to patch software that was being used over and over again to break into their company, and they would respond by asking me to install disk encryption. Or I would give them data showing that their employees were being socially engineered by an advanced persistent threat (APT) and needed better end-user education, and they would respond by buying far more expensive host intrusion prevention devices.
Whatever I told them they needed to do, even if given the best data to support my findings, even if they agreed with me in front of my face, they did something else. Whenever I went back to those same companies, rarely had they done the most significant thing they could have to improve their computer security…