Story image

How to address the security risks created by big data

08 Jun 17

Big data is full of possibilities - including possibilities for security breaches. The more data your organisation has, the more likely they'll be targeted by an attack according to advice from Aleron.

“Never before has so much information been so readily available to organisations. Those that have worked out how to aggregate and analyse that data effectively are reaping benefits such as better, faster decision-making, improved understanding of customer behaviour, and the ability to predict some future events," comments Alex Morkos, Aleron's director.

However, he believes that organisations haven't quite mastered the security challenges associated with it.

“The more data an organisation possesses, the more likely it is that they’ll be a target for attack. This is especially true if they collect and store sensitive information such as credit card details, mailing addresses, passwords, and so on; cybercriminals can gain big financial rewards once they have their hands on this data.”

Breaches also come with tough consequences, and not just through financial penalties. Once customers lose faith in businesses, it's hard to get them back.

“Data is both friend and foe; it can help organisations be more effective but it can also make them a target. Too many organisations are holding onto massive amounts of data that they don’t need anymore. When the analysis project is done, businesses should look to dispose of the information safely. However, for many organisations there’s almost a fear of missing out if they delete the data," Morkos explains.

Aleron has put together a list of six key tips to protect data and reputations:

1. Decide what data really needs to be collected. Some businesses collect data for its own sake rather than for a specific analysis purpose. This is dangerous, as it leads to overwhelming amounts of data that are hard to protect. Businesses should limit data collection to the information required for specific purposes. This is also a requirement of the Australian Privacy Act.

2. Understand the value of data. Many organisations don’t even know what data they possess, nor do they know its value. This value increases the more data is connected. Until the value is known, organisations can’t make informed decisions on what to do with that data and how to protect it.

3. Classify data so it can be found. Data is constantly in motion. Classifying it makes it easier to find and, therefore, protect.

4. Employ a mature data infrastructure team. Managing data appropriately is essential to minimising the risk. This means storing or managing the storage of data in a way it can defend itself, or being able to de-personalising information where possible and deleting it where appropriate.

5. Know where the data lives. For some organisations, data lives in a mixture of on-premise and cloud-based repositories and is regularly transmitted for analysis purposes. It’s important to know where data lives and how those locations may affect its safety. For example, data stored in offshore data centres may not be subject to the same privacy laws as data held in Australia.

6. Educate staff regarding data policies. Staff members are often the weakest link in data protection, albeit often unwittingly. Educating staff regarding data collection, storage, and analysis policies and procedures reduces the chances they will inadvertently cause a breach.

“Businesses shouldn’t be afraid to leverage big data. However, they should protect themselves and their customers and stakeholders by putting strong security measures in place. This includes security technology as well as processes and policies designed to keep information safe, both at rest and in transit," Morkos concludes.

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.
Carbon Black: What does cybersecurity have in store for 2019?
Tom Kellerman has shared five insights for the year ahead, including a particularly bold one.
Hands-on review: The Ekster Wallet protects your cards against RFID attacks
For some time now, I’ve been protecting my credit cards with tinfoil. The tinfoil hat does attract a lot of comments, but thanks to Ekster, those days are now happily behind me.