How Big Data Efforts are Affecting Cyber Security

Total
0
Shares

Just about every month of the past year has brought news of a new data breach, leak, or hack at a major company. The most recent target was the U.S. federal government itself. These breaches are concerning for any company that relies on the Internet as a significant portal. Furthermore, the damage of such breaches can be extensive. The Ponemon Institute conducts an annual study analyzing data breaches. For 2015, the researchers found that the average cost of a breach is $3.8 million, with an average cost per record of $154.

Big Data

One of the largest changes to e-commerce and business in general over the past few years has been the rise of big data. Collecting data about customers and browsers is a powerful means to understand the company’s customer base, decide how to design new products, and determine the direction of marketing campaigns. Having detailed customer data opens up many new options for the company.

However, big data is also a major security concern. Storing customer information raises online privacy concerns even before online security becomes an issue, and if that information is also vulnerable to security breaches, then the company faces a significant risk. The level of risk depends on what kind of data the company actually retains. The more personally identifiable and detailed the information is, the greater the risk that it will attract the attention of a hacker and the larger the potential fallout from a data breach.

It is important that any company working with customer data be aware of the consequences of a data breach. For example, customers may become vulnerable to identity theft or fraud. If the breach is large, then it might make the news, hurting the company’s reputation. The loss of trust due to the online privacy violation also damages the company’s relationships with existing customers. The company exposes its own customers to risk when breaches occur.

Sources of Vulnerability

There are several potential ways for a company to become vulnerable to a potential hack. The first is a straightforward data breach. The company’s online security is simply unable to stop a given attack. A breach like this arises because the security was out of date or was not capable of handling a category of attack. These attacks can be hard to stop- the best security software is expensive, and not all of it can stop any kind of attack. Often, a combination of security software and good IT policy is necessary. In computer security it is referred to as a “layered approach” creating multiple layers of security software and procedures.

There are also more preventable types of attacks. For example, hackers might exploit mistakes or outdated software in order to gain entry into a computer on a company network. There are sometimes good reasons to delay applying patches and updates, but that practice often leaves holes in the company’s defenses if those updates solve security problems in the software. Part of the problem is that such security updates often also involve published information about the security vulnerability that the patch is meant to solve, so the information about how to exploit the hole is public knowledge.

Another form of attack is when attackers use phishing/spear fishing (email based malware) or similar methods to gain access to passwords, enabling them to have direct access to sensitive systems. This is where IT policy becomes critical. No security software can solve human error. Having proper policies in place about what kinds of passwords to use, how often to rotate them, and limiting the amount of Internet-facing assets in place can help to prevent attacks by making the company both harder to reach and harder to crack. This is as much an issue of company culture as it is an issue of software.

The Risk

The major question that every manager should consider when it comes to using potentially sensitive data is whether the benefits are worth the risk. Clearly, many of the major companies that appear in the news as hacking targets, like Target, believe the benefits to be worth the cost even after an attack: Target has committed to beefing up security, not to reducing its use or retention of data. They believe that they gain so much from collecting data that even an actual breach was not enough to convince them to stop the practice.

On the other hand, as a large company, Target has more resources to help it weather a storm of controversy. A smaller company might not be able to withstand the loss of trust between the company and consumers in the event of a breach, and its reputation might not recover from such an event. Online privacy is becoming a growing concern as customers become more aware of just how much data about them companies collect, so they might become less tolerant of data collection and breaches in the future.

close

Subscribe for PEO industry insights delivered to your inbox!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.