A worrying trend is emerging amongst organisations and enterprises that are only concerned with external data breaches, completely ignoring the internal threat. This is according to Simon Bain, CTO of search specialist Simplexo.
“Big Data is very much a hot topic right now. There doesn’t seem to be a day that goes by when we’re not being spoken to, about, or at on the subject. With this in mind, I wanted to conduct a swift survey to see how seriously organisations are taking the threat of data breaches in relation to big data. It was nothing too scientific: a quick internet search of the terms ‘Big Data’ and ‘security’ brought up 53,600,000 results in 0.31 seconds. A positive start, I thought initially, but as I dug deeper my optimism began to fade.
“The results largely featured companies advertising how they can analyse big data sets to see where a threat may arise from. So, in essence, nothing really about security at all, just about how to sell software to analyse web traffic and determine where a hack might occur. Now this might seem all well and good, but when you consider that now days the majority of serious attacks are no longer web based but internal, it does raise a few worrying questions.
“Generally, organisations handle web security rather well through DNS traps, firewalls, and various other defences. However, what is harder to prevent is an internal attack. Look at some of the recent examples in the press – the attacks on banks, for example – and you’ll start to see a pattern emerging. This is what I was hoping to see when I started this little experiment. However, with the exception of a few references, there is no suggestion that this is being acknowledged or taken seriously – shocking doesn’t even come close.”
Bain continued: “Security along with accessibility should be at the forefront of all new projects and technologies. Earlier this week, I was thumbing through the newspaper when I came across a startling story about a police officer, with access to license plate surveillance data, who pleaded guilty to bribing people based on their vehicle’s license plate being recorded at various ‘unsavory’ locations. Now, I’m sure that officer did not spend his nights wondering how he could access the system. This view of hackers is so outdated it’s almost Jurassic!
“The focus needs to be on the current bout of attacks, and seeing how these can be prevented or at the very least made harder to execute. This cannot happen until the owners of the data start to take the risks seriously, and also start talking more openly about data breaches. From this we can all then learn from each other’s experiences and mistakes.”