“It’s all there,” warns Varonis CEO and co-founder Yaki Faitelson. “All the individual scraps of information about an individual online can be researched and pieced together to create a complete picture – who they are, where they work, which school they attended...”
It’s one of a series of warnings from Varonis on the problems that IT will face in the coming year. They stem from our need, desire and sometimes regulatory compulsion to store ever-increasing amounts of data – IDC suggests that stored data is growing by 50% year on year. But there are two problems. The first is that companies don’t really understand what data needs to be kept, what data should be kept, and what data should not be kept.
The second problem is that while companies understand that big data analytics may enable the extraction of valuable information from this sea of raw data, “there is a serious lack of data scientists to interpret the results and make informed decisions.” If you have the automation and the talent to distinguish causality from coincidence, you can gain an edge, says Varonis.
In the meantime many companies are not aware of the privacy issues hiding in the data they store, either internally or externally on social media. “It’s all there waiting to be plundered and the primary thing that saves most people is nobody is looking for them. But what if someone were?” asks Faitelson. We already have highly targeted phishing attacks using intelligence gathered from the social networks. What if the criminals start using the same big data analytics principles to automate researching the social networks?
“In my honest opinion,” Amichai Shulman, co-founder and CTO at Imperva, told Infosecurity, “this is not cost effective,” adding, “yet.” But ‘Murphy’ suggests that if something can be done, it will be done – eventually. There is a big data security threat hiding in the mass of data users post online, and Varonis fears it will increasingly emerge in the coming year. “While there’s no concrete evidence that there is widespread criminal use, it is very likely that attackers are taking the same approach that some marketing organizations are: that is, they’re weaving together the scattered bits and pieces of personally identifiable information that has been strewn about the public web,” Rob Sobers, technical manager at Varonis, told Infosecurity. “Criminals, however, aren’t simply looking to sell you something.”
“It’s important that, as an organisation, you make sure your employees – especially those in key positions – are made aware of the risks,” says Faitelson. “Consider collecting the information that’s easily accessible on one employee to demonstrate what can be done to really bring the message home.”