Big data is the latest buzzword making its rounds in boardrooms and rightfully so. Organisations today are analysing and producing more amounts of data than ever and the potential of this data is huge. Besides its volume and variety, data scientists are also using big data to optimise decision making, improve customer service and develop new product innovations.
That being said, big data needs protecting as essentially, it is also about protecting a business' brand - and to do this demands a full understanding of where the data security risks lie. Today's extended and distributed enterprise data management programme has valuable data flowing into and out of the company, often available to suppliers, partners, and customers, and on a number of different platforms. The 'unknowns' within an enterprise - which are evolving quickly as devices and platforms multiply - also multiply risk, leaving data unprotected and corporations exposed.
The 2013 Verizon Data Breach Investigation Report uncovered some surprising insights about data breaches. For example, the majority of breaches (75 percent) were a result of simpler opportunistic attacks and 78 percent were low difficulty attacks, meaning that they did not require advanced skills or extensive resources to conduct. Furthermore, four out of five network intrusions exploited weak or stolen credentials, which could have been easily prevented.
The Verizon Data Breach Investigation Report also found that victims of data breaches came from a wide range of industries, including financial organisations, retailers and restaurants. Most data breaches were also financially motivated in nature and involved stealing data such as IP and trade secrets. In short, data breaches could happen to anyone - as long as you have an IP address, you could be a target, regardless of the size of your organisation, your industry or your location.
Many organisations resist regular reviews of security initiatives as they believe that their status quo is 'good enough', and are unwilling to spend more if it is not 'needed'. These perceived savings are often, however, inaccurate, or downright wrong. One breach - intentional or inadvertent - can easily exceed the cost of a solid security programme multiple times. Additionally, when a breach occurs, valuable resources will then be wasted as IT personnel try to patch together point solutions, plug the gaps, and mitigate against potential disasters, and then get security compliance requirements back up to scratch.
This is why it is critical that all data within a corporation - at rest or in transit - is discovered and identified. Data residing on servers "under the desk" or on employee laptops is a good example of 'unknown' data sources. Identifying sensitive data, its storage places, and its transit patterns provides the organisation with the information required to support security compliance requirements, helps reduce risks of future data loss, and improves processes and applications that handle this data. No security programme can be complete without knowing where the risks are and where the potential for threats may lie.
Sign up for CIO Asia eNewsletters.