Cyberattacks analysis and monitoring dashboard in Power BI

Introduction

Cyberthreats are a growing concern for businesses of all sizes and across all industries. The global cost of cybercrime is estimated to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures. This staggering number reflects the direct and indirect costs of cyberattacks, including data breaches, ransomware payments, business disruptions, and reputational damage.

Organisations of all sizes need to invest in cybersecurity to protect themselves from these threats. This investment includes implementing security measures such as firewalls, intrusion detection systems, and employee security training. It also includes investing in real-time monitoring of cyberthreats, which is essential for organisations to detect and respond to attacks quickly. In addition, monitoring cyberthreats yields a wealth of organisational information on the subject, helping us enhance organisational systems even further. This project uses a dataset covering several organisations from across the world, containing details of the historical data breaches they experienced. The data and dashboard backgrounds were provided on GitHub by Satyajit Pattnaik.

Dataset Overview

The following table shows the general look of the dataset used in the project:

| Column(s) | Description | Data type |
| --- | --- | --- |
| Name_of_Covered_Entity | Name of company attacked | Text |
| Total Individuals | Two separate columns showing the total employee count and total affected employees (by the breach) | Whole number |
| Type_of_Breach | Categorical column showing whether the breach was theft, hacking, data loss, etc. | Text |
| Location_of_Breached_Information | Shows whether the breach occurred via desktop, laptop, paper, etc. | Text |
| breach_start and breach_end | The calendar date for the start and end of the breach (empty end date means breach still active) | Date |
| Branch & Department | Branch and department where the breach occurred | Text |
| Country of Breach | Country of location for the breached company | Text |
| Employee who discovered breach | Full name of the employee who discovered the breach occurring | Text |
| Estimated data lost | The amount of data, in GB, lost/stolen as a result of the breach | Whole number |

Description of the actions taken in the project

  • I began by connecting to my dataset, which I had stored on a local MySQL server, then imported it into Power Query.
  • The dataset itself was clean, but it required several operations to prepare it for insightful analysis. To achieve this, I used Power Query to create five additional tables based on the main table. These included:
    • Branch – With two columns, BranchID and Branch name
    • Breach Type – With two columns, BreachID and Breach type
    • Country – To include the CountryID and names of all countries in the dataset
    • Department – Contains the DepartmentID and Department name
    • Employees – Containing the EmployeeID, names of employees who discovered breaches, and an image URL for retrieving the headshot of the employee.
  • Additionally, I added the relevant BranchID, BreachID, CountryID, DepartmentID and EmployeeID columns to the main table to create table relationships. Once I did this, Power BI was able to automatically detect the relationships.
  • To ensure I could visualise interesting information from the data, I created 13 DAX measures which complete a number of tasks. These measures include employee ranking (using the RANKX( ) formula) to find out which employee detected the most breaches, open breaches (using the CALCULATE( ) formula to count rows where breach end date = BLANK), and others. These measures were highly instrumental and responsible for the majority of visualisations on all dashboards.
  • I then created five dashboards following previous work by Pattnaik. These are the details of each dashboard:
    • Home: Uses data cards to present the overview of cyberthreats, counting the total number of breaches, affected employees, average length of each breach etc.
    • Employee Ranking: This dashboard ranks the 11 employees to determine and visualise the top performers (who detected the highest number of breaches).
    • Department Analysis: Uses various visualisations such as Tree Maps, bar charts, column charts, pie charts to show the breaches by department, and show the most affected department.
    • Branch Analysis: Similar to department analysis, I used various visualisations to visualise the attacks by branch.
    • Summary: Another dashboard which utilises data cards to present KPIs from the breaches, such as the total affected employees, total data lost, number of open/active and closed breaches, etc.
  • I also created and inserted four slicers to ensure users can filter all visualisations by country, department, branch, and name of employee who detected the breach.
  • I also added page navigation functionality at the top of each dashboard to ensure ease of navigation between pages.
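
The open-breach and employee-ranking measures described in the steps above can be sketched in DAX as follows. This is an added example, not the measures from the original project. It assumes the main table is named Breaches and is related to the Employees table on EmployeeID, and that the employee name column is called Employee Name; the measure names are also illustrative.

```dax
-- Assumed model: fact table 'Breaches' related to dimension 'Employees' on EmployeeID.
-- Table, column and measure names other than breach_start / breach_end are assumptions.

Total Breaches = COUNTROWS ( Breaches )

-- A breach with an empty breach_end is still active.
Open Breaches =
CALCULATE (
    [Total Breaches],
    ISBLANK ( Breaches[breach_end] )
)

Closed Breaches = [Total Breaches] - [Open Breaches]

-- DIVIDE returns BLANK instead of an error when a slicer leaves no rows.
Open Breach % = DIVIDE ( [Open Breaches], [Total Breaches] )

-- Average duration of closed breaches only; open breaches have no end date yet,
-- so including them would either fail or understate the figure.
Avg Days To Close =
AVERAGEX (
    FILTER ( Breaches, NOT ISBLANK ( Breaches[breach_end] ) ),
    DATEDIFF ( Breaches[breach_start], Breaches[breach_end], DAY )
)

-- Rank 1 = the employee who discovered the most breaches.
-- ALL() removes the filter on the current employee so each one is compared
-- against every other; Dense keeps ranks consecutive after ties.
-- Swap ALL for ALLSELECTED to rank only within the current slicer selection.
Employee Rank =
IF (
    HASONEVALUE ( Employees[Employee Name] ),
    RANKX (
        ALL ( Employees[Employee Name] ),
        [Total Breaches],
        ,
        DESC,
        Dense
    )
)
```

Because the ranking uses ALL(), the employee-name slicer does not change an employee's rank; the country, department and branch slicers still filter the breach counts being ranked.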

Insights from the dashboards

  • Results show us that only a small percentage of the breaches were closed, with well over 60% of the total breaches still open.
  • Employee Kareena Rathore was the best performer of the 11, identifying 147 breaches (13.9% of total). Rajesh Rana came second, having identified 136 breaches (12.9%), and Carlos Sultan came 3rd, with 134 breaches identified (12.7%).
  • The most breached department is Department-15, with a total of 312 breaches, 216 of which are still open, and 62% of the stolen data! Meanwhile, Department-13 led with the highest number of days taken to end a breach, and Department-12 topped the total employees affected.
  • Similarly, Branch-2 had the highest number of total breaches (349), 314 of which are still open, and a 47% share of the data stolen.
  • Overall, the total breaches in the dataset affected 82% of the organisations’ employees, a figure of 16 million in absolute numbers. Up to 138K GB was stolen as a result of these breaches.

Implications and conclusion

The analysis shows the extent of the potential and actual impacts of data breaches, supporting the need for real-time monitoring. Results show that data breaches affected up to 82% of the organisations’ employees, showing that serious breaches can be quite capable of bringing some organisations to their knees.