Share

Related Links

  • Varonis
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • Most Big Data implementations feature no security beyond passwords
    The Big Data revolution, spurred by technologies that allow companies to collect, manage and analyze very large data sets thanks to cluster-based computing architectures – is creating vast repositories of mission-critical information that are, in turn, creating new security concerns. Unfortunately, a new white paper finds that most enterprises are relying solely on passwords to protect their data.
  • EMC to acquire big data analytics firm Silver Tail Systems
    In a move that highlights the growing desire to move security from its historical reactive stance to a more preventive and predictive position, EMC’s RSA is to add Silver Tail’s big data analytics engine to its authentication and fraud prevention portfolio.
  • Cloud Security Alliance gets large on Big Data
    Providing security for virtual and remote environments that may be connected by open networks is a IT hurdle in and of itself on even a small scale, but in the context of the Big Data phenomenon stemming from cloud-based data centers, the challenge increases exponentially. To help the situation, the Cloud Security Alliance (CSA) has launched its Big Data Working Group (BDWG), to be led by Fujitsu, eBay and Verizon Business.
  • Big Data Analytics should be used for security as well as commercial purposes
    “Big data analytics can improve information security and increase cyber resilience” claims a new report from the Information Security Forum (ISF).
  • Big Data can cause big headaches for infosec professionals
    Along with the benefits that can be gained from Big Data come attendant security risks, notes Savvis' Ed Moyle.

Top 5 Stories

News

The salami apocalypse – big data in the wrong hands

27 November 2012

The world is not facing a Mayan calendar doomsday next month so much as a salami apocalypse next year: threats built layer upon layer from small bits of information that can be combined into detailed personal profiles.

“It’s all there,” warns Varonis CEO and co-founder Yaki Faitelson. “All the individual scraps of information about an individual online can be researched and pieced together to create a complete picture – who they are, where they work, which school they attended...” 

It’s one of a series of warnings from Varonis on the problems that IT will face in the coming year. They stem from our need, desire and sometimes regulatory compulsion to store ever increasing amounts of data – IDC suggests that stored data is growing by 50% year on year. But there are two problems: firstly companies don’t really understand what data needs to be kept, what data should be kept, and what data should not be kept.

The second problem is that while companies understand that big data analytics may enable the extraction of valuable information from this sea of raw data, “there is a serious lack of data scientists to interpret the results and make informed decisions.” If you have the automation and the talent to distinguish causality from coincidence, you can gain an edge, says Varonis. 

In the meantime many companies are not aware of the privacy issues hiding in the data they store, either internally or externally on social media. “It’s all there waiting to be plundered and the primary thing that saves most people is nobody is looking for them. But what if someone were?” asks Faitelson. We already have highly targeted phishing attacks using intelligence gathered from the social networks. What if the criminals start using the same big data analytics principles to automate researching the social networks?

“In my honest opinion,” Amichai Shulman, co-founder and CTO at Imperva told Infosecurity, “this is not cost effective,” adding, ‘yet.’ But ‘Murphy’ suggests that if something can be done, it will be done – eventually. There is a big data security threat hiding in the mass of data users post online, and Varonis fears it will increasingly emerge in the coming year. “While there’s no concrete evidence that there is widespread criminal use, it is very likely that attackers are taking the same approach that some marketing organizations are: that is, they’re weaving together the scattered bits and pieces of personally identifiable information that has been strewn about the public web,” Rob Sobers, technical manager at Varonis told Infosecurity. “Criminals, however, aren’t simply looking to sell you something.”

“It’s important that, as an organisation, you make sure your employees – especially those in key positions, are made aware of the risks,” says Faitelson. “Consider collecting the information that’s easily accessible on one employee to demonstrate what can be done to really bring the message home.”

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×