sb-as logo
Story image

How to address the security risks created by big data

08 Jun 2017

Big data is full of possibilities - including possibilities for security breaches. The more data your organisation has, the more likely they'll be targeted by an attack according to advice from Aleron.

“Never before has so much information been so readily available to organisations. Those that have worked out how to aggregate and analyse that data effectively are reaping benefits such as better, faster decision-making, improved understanding of customer behaviour, and the ability to predict some future events," comments Alex Morkos, Aleron's director.

However, he believes that organisations haven't quite mastered the security challenges associated with it.

“The more data an organisation possesses, the more likely it is that they’ll be a target for attack. This is especially true if they collect and store sensitive information such as credit card details, mailing addresses, passwords, and so on; cybercriminals can gain big financial rewards once they have their hands on this data.”

Breaches also come with tough consequences, and not just through financial penalties. Once customers lose faith in businesses, it's hard to get them back.

“Data is both friend and foe; it can help organisations be more effective but it can also make them a target. Too many organisations are holding onto massive amounts of data that they don’t need anymore. When the analysis project is done, businesses should look to dispose of the information safely. However, for many organisations there’s almost a fear of missing out if they delete the data," Morkos explains.

Aleron has put together a list of six key tips to protect data and reputations:

1. Decide what data really needs to be collected. Some businesses collect data for its own sake rather than for a specific analysis purpose. This is dangerous, as it leads to overwhelming amounts of data that are hard to protect. Businesses should limit data collection to the information required for specific purposes. This is also a requirement of the Australian Privacy Act.

2. Understand the value of data. Many organisations don’t even know what data they possess, nor do they know its value. This value increases the more data is connected. Until the value is known, organisations can’t make informed decisions on what to do with that data and how to protect it.

3. Classify data so it can be found. Data is constantly in motion. Classifying it makes it easier to find and, therefore, protect.

4. Employ a mature data infrastructure team. Managing data appropriately is essential to minimising the risk. This means storing or managing the storage of data in a way it can defend itself, or being able to de-personalising information where possible and deleting it where appropriate.

5. Know where the data lives. For some organisations, data lives in a mixture of on-premise and cloud-based repositories and is regularly transmitted for analysis purposes. It’s important to know where data lives and how those locations may affect its safety. For example, data stored in offshore data centres may not be subject to the same privacy laws as data held in Australia.

6. Educate staff regarding data policies. Staff members are often the weakest link in data protection, albeit often unwittingly. Educating staff regarding data collection, storage, and analysis policies and procedures reduces the chances they will inadvertently cause a breach.

“Businesses shouldn’t be afraid to leverage big data. However, they should protect themselves and their customers and stakeholders by putting strong security measures in place. This includes security technology as well as processes and policies designed to keep information safe, both at rest and in transit," Morkos concludes.

Story image
BackupAssist partners with Wasabi for greater cyber-resilience
This partnership provides customers with an up to 80% less expensive solution that is faster than the competition for achieving enterprise-grade cyber-resilience, the company states. More
Story image
Trend Micro adds cloud-native container security to Cloud One Services Platform
Designed to ease the security of container builds, deployments and runtime workflows, the new service helps developers accelerate innovation and minimise application downtime across Kubernetes environments.More
Story image
Top security threats for 2021
2021 will see several themes develop into full blown security threats, many of them borne from the struggles of pandemic-stricken 2020, writes Wontok head of technology Mick Esber.More
Story image
Cyberattacks on healthcare organisations "out of control" - Check Point
There has been a 45% increase in cyberattacks on healthcare organisations worldwide in the last two months, making healthcare the most targeted industry by cyber criminals.More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More