Have you ever asked yourself what happens in the background when you open your favourite news site (say nzz.ch) on your computer?

This apparently simple process starts an avalanche of data requests in the background. To load all the pictures, links and adverts that appear on your screen, nzz.ch contacts numerous other servers, which in turn connect to further servers. Thus a single click triggers a massive number of interactions behind the scenes. Over the course of a working day, you will browse further on the internet, as will your co-workers. In this way, a typical larger company generates around 50 million such interactions across 100’000 servers every day.

Hackers hide in plain sight, hidden in millions of data points

The interactions of corporate devices with the Internet are stored in so-called log files. The actions of hackers are typically recorded in these log files as well. However, because millions of regular activities take place every day, the attackers' actions are hidden in plain sight, like the proverbial needle in a haystack. This is why the average time required to identify a data breach is as long as 197 days [1]. This leaves the attackers plenty of time to observe and mirror your actions, infiltrate further systems and extract valuable or highly sensitive information.

Such information can also include your data. The world’s biggest hotel operator – Marriott – reported a cyber attack at the end of 2018. The hackers are alleged to have compromised the personal data of over 500 million customers, including passport numbers, credit card details and physical addresses. While the data was encrypted, it is likely that the hackers also managed to gain access to the decryption methods. They had plenty of time – it is assumed that the hackers had been undetected within Marriott’s IT networks since 2014.

Common anti-virus software is not sufficient to prevent such an attack, as it only protects against threats already known to the software and is unable to identify new attacks. How would you feel if a burglar could circumvent your alarm system, break into your house and remain there undiscovered for several months?

Widespread cyber-attacks are not a rarity anymore

Cyber attacks with significant data loss and severe consequences are no longer a rarity in today's connected world. Over the next five years, the costs of such attacks are expected to be as high as five trillion USD [2]. Already now, reinsurers estimate that the costs of cyber attacks exceed the global financial damage caused by natural disasters [3]. Even companies thought to be security-conscious can be victims of a hacker without realizing it for years.

A prominent example in Switzerland is the case of the government-owned defence company Ruag. In 2016, it was discovered that Ruag, which also offers cyber-security solutions, had been hacked. The hackers are assumed to have first entered Ruag’s network in 2014 and thus remained undetected for over a year. Between 2014 and 2016 the hackers were able to exfiltrate more than 20 gigabytes of data; printed out, this amount of data would require 10 tons of paper. The Ruag incident is only one example in a long line of high-profile company breaches over the last few years. The most recent attack to be made public is the data breach at the US software giant Citrix. Concerningly, it is assumed that Iranian hackers gained access to Citrix as early as 10 years ago and have been lurking in its network ever since.

From 197 days to 1: reducing the detection time

Companies often invest in prevention measures such as anti-virus software or data encryption. However, the examples above make it evident that this is no longer sufficient. A second line of defence is required for the case when an attacker manages to bypass prevention measures and infiltrate an organization. In fact, bigger companies already systematically collect the vast amounts of log data mentioned above, but lack the means to analyze it. This is where companies like Exeon Analytics come into play. Exeon Analytics’ award-winning algorithms are capable of analysing large amounts of data quickly and efficiently. Our solution uses machine learning to quickly differentiate between normal web browsing and potentially threatening activities. Big data algorithms further make it possible to identify regular patterns and raise alerts in case of deviations. If the haystack represents the IT data of a company and the needle represents the attacker, then Exeon Analytics is the magnet which reveals even the smallest needle quickly and reliably. As a result, the average detection time of a data breach can be reduced from 197 days to a single day.
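As an added illustration of the "regular patterns versus deviations" idea (this is not Exeon Analytics' algorithm and not code from this post), the Python below builds a baseline of destinations seen in a learning window of web-proxy log lines and then flags a host that afterwards contacts an unseen destination at near-constant intervals, the machine-like regularity that distinguishes a lurking implant from a person browsing. All hostnames, timestamps and the log format are constructed for the example.

```python
from collections import defaultdict
# Constructed learning window: "epoch_seconds host destination", ordinary browsing.
BASELINE_LOG = """\
1000 pc-01 nzz.ch
1003 pc-01 cdn.nzz.ch
1007 pc-01 ads.example.net
1040 pc-03 mail.example.com
"""

# Constructed detection window: the same browsing plus pc-02 contacting an
# unseen destination every 300 s, a regularity a person at a browser rarely produces.
DETECT_LOG = """\
2000 pc-01 nzz.ch
2010 pc-02 cdn.nzz.ch
2100 pc-02 unknown-host.invalid
2400 pc-02 unknown-host.invalid
2700 pc-02 unknown-host.invalid
3000 pc-02 unknown-host.invalid
3050 pc-03 mail.example.com
3300 pc-02 unknown-host.invalid
"""

def parse(log):
    """Yield (timestamp, host, destination) from whitespace-separated log lines."""
    for line in log.splitlines():
        if line.strip():
            ts, host, dest = line.split()
            yield int(ts), host, dest

def build_baseline(log):
    """Set of destinations the organisation contacted during the learning window."""
    return {dest for _, _, dest in parse(log)}

def find_deviations(baseline, log, min_hits=4, tolerance=0.1):
    """Flag (host, destination, interval) where the destination is absent from the
    baseline and the host's contacts recur at a near-constant interval (beacon-like)."""
    times = defaultdict(list)
    for ts, host, dest in parse(log):
        if dest not in baseline:
            times[(host, dest)].append(ts)
    alerts = []
    for (host, dest), stamps in times.items():
        if len(stamps) < min_hits:
            continue  # too few contacts to judge regularity
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = sum(gaps) / len(gaps)
        if all(abs(g - avg) <= tolerance * avg for g in gaps):
            alerts.append((host, dest, round(avg)))
    return alerts
```

A destination that is merely new is not flagged on its own, so a colleague visiting an unfamiliar site does not raise an alert; in practice the baseline would be learned per host over a far longer window than the few lines shown here.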

[1] IBM: 2018 Cost of a Data Breach Study by Ponemon (https://www.ibm.com/security/data-breach)

[2] Accenture: Securing the global economy 2019

[3] Torsten Jeworrek (board of directors MunichRe) at Monte Carlo Reinsurance rendez-vous

Author Carola Hug, Head Business Development, Exeon Analytics