Big Data is very much a hot topic right now. There doesnt seem to be a day that goes by when were not being spoken to, about, or at on the subject. With this in mind, I wanted to conduct a swift survey to see how seriously organisations are taking the threat of data breaches in relation to big data. It was nothing too scientific: a quick internet search of the terms Big Data and security brought up 53,600,000 results in 0.31 seconds. A positive start, I thought initially, but as I dug deeper my optimism began to fade.
The results largely featured companies advertising how they can analyse big data sets to see where a threat may arise from. So, in essence, nothing really about security at all, just about how to sell software to analyse web traffic and determine where a hack might occur. Now this might seem all well and good, but when you consider that nowadays the majority of serious attacks are no longer web based but internal, it does raise a few worrying questions.
Generally, organisations handle web security rather well through DNS traps, firewalls, and various other defences. However, what is harder to prevent is an internal attack. Look at some of the recent examples in the press – the attacks on banks, for example – and youll start to see a pattern emerging. This is what I was hoping to see when I started this little experiment. However, with the exception of a few references, there is no suggestion that this is being acknowledged or taken seriously shocking doesnt even come close.
Bain continued: Security along with accessibility should be at the forefront of all new projects and technologies. Earlier this week, I was thumbing through the newspaper when I came across a startling story about a police officer, with access to license plate surveillance data, who pleaded guilty to bribing people based on their vehicles license plate being recorded at various unsavory locations. Now, Im sure that officer did not spend his nights wondering how he could access the system. This view of hackers is so outdated its almost Jurassic!
The focus needs to be on the current bout of attacks, and seeing how these can be prevented or at the very least made harder to execute. This cannot happen until the owners of the data start to take the risks seriously, and also start talking more openly about data breaches. From this we can all then learn from each others experiences and mistakes.