Size Isn’t Everything – But Can You Keep Your Big Data Safe?

Big data needs protecting. Most importantly, protecting big data is essentially about protecting a business’ brand – and to do this demands a full understanding of where the data security risks lie. More often than not, vast amounts of important data float about the business outside the purview of IT, in applications, servers, databases, on mobile devices, and removable media storage units such as thumb drives. With data residing in ever more locations, it is ever more open to being breached, which can have a devastating impact on business reputation, and performance.

The 2012 Verizon Data Breach Investigation Report (2012 DBIR) recently analysed 855 data breaches across 174 million stolen records – the second highest data loss that the Verizon RISK (Research Investigations Solutions Knowledge) team has seen since it began collecting data back in 2004. The cybercrime investigated was truly global with the breaches originating from 36 countries. Verizon experts found that 56 percent of the data stolen was as a result of ‘hacktivism’; 79 percent were opportunistic and of all attacks 96 percent were not highly difficult, meaning that they didn’t require advanced skills or extensive resources to conduct. Surprisingly, 97 percent of the attacks analysed were avoidable, without the need for organizations to resort to difficult or expensive countermeasures.

Data risks arise from many types of threats both external and internal, and fall into a number of broad categories, including:

• Accidental or intentional security violations by staff or contractors
• Targeted organized crime and competitive espionage
• Data loss, including accidental misplacement or deletion
• Malware, malicious code, and advanced computer viruses
• Unwatched and unpatched security defense mechanisms such as firewalls
• Inability to produce needed information at a given time for an audit or similar event
• Natural disasters and hardware malfunction

In relation to the breaches investigated, the 2012 DBIR found that external attacks remain largely responsible for data breaches, with 98 percent of them attributable to outsiders. With a rise in external attacks, the proportion of insider incidents declined to 4 percent. Business partners were responsible for less than 1 percent of data breaches.

In terms of attack methods, hacking and malware have continued to increase. In fact, hacking was a factor in 81 percent of data breaches and in 99 percent of data lost. Malware also played a large part in data breaches; it appeared in 69 percent of breaches and 95 percent of compromised records. Hacking and malware are favored by external attackers, as these attack methods allow them to attack multiple victims at the same time from remote locations. Many hacking and malware tools are designed to be easy and simple for criminals to use.

Most IT organizations have implemented some kind of security on the data they have. It’s the data, devices, and systems they don’t know they have that present a problem. Today’s extended and distributed enterprise data management program has valuable data flowing into and out of the company, often available to suppliers, partners, and customers, and on a number of different platforms. The ‘unknowns’ within an enterprise – which are evolving quickly as devices and platforms multiply – also multiply risk, leaving data unprotected and corporations exposed. Yet regular, comprehensive security reviews are often all that is needed to identify problem areas.

Many organizations resist regular reviews of security initiatives as they believe that the status quo is ‘good enough’, and are unwilling to spend more if it’s not ‘needed’. These perceived savings are often, however, inaccurate, or downright wrong. One breach – intentional or inadvertent - can easily exceed the cost of a solid security program multiple times. Additionally, when a breach occurs valuable resources will then be wasted as IT personnel try to patch together point solutions, plug the gaps, and mitigate against potential disaster – and then get security compliance requirements back up to scratch.

This is why it is critical that all data within a corporation—at rest or in transit—is discovered and identified. Data residing on servers “under the desk” or on employee laptops is a good example of ‘unknown’ data sources. Identifying sensitive data, its storage places, and its transit patterns, provides the organization with the information required to support security compliance requirements, helps reduce risks of future data loss, and improves processes and applications that handle this data. No security program can be complete without knowing where the risks are and where the potential for threats may lie.

When considering a vast amount of data, enterprises should ask themselves three basic questions:

• ‘Where is the data?’ -- determine whether the data is at rest (in storage, file shares, desktops, etc.) or in-transit (e-mail, file transfer, IM, etc.)
• ‘What is the discovered data and to whom does it belong?’ -- the actual nature of the data itself and the data’s owner will determine the security procedures/standards required to protect it (for example customer lists, R&D, SSNs, credit cards, patient health information, resumes, financial reports, etc.).

And finally:

• ‘How is this identified data used and why is it important?’ -- data should be associated with the business processes it supports, and businesses should be aware how it is used (highly active or low latency, retention requirements) and how sensitive it is (security policies).

If these questions are asked – and answered – the organization is in a good place to keep its data safe.