Big data demands big security - David Schwartz

Big data is becoming an increasingly important part of the business plan for companies in many different industries. Analyzing large customer datasets and other kinds of data with tools like Hadoop reporting lets companies save money as well as boost revenue by targeting their marketing better, designing products to better appeal to their customers, make better predictions, and so on.

On the other hand, this rise in the use of big data has coincided with the rise of advanced persistent threats to data security. Big data is not just lucrative to the companies that collect it: it is also worth money to identity thieves and other bad actors. This has given rise to a cottage industry in hacking and cracking. Companies that use big data, especially if that data consists of personal information of customers, are at an elevated risk of drawing hacking attempts. Developing ways to protect that data will prove to be just as important as the data itself.

The last few years have seen hacking capture headlines on a regular basis. Large companies like Target have become targets, with hackers stealing credit card information of millions of customers at a time. Even the U.S. government has been affected. The Federal Office of Personnel Management was breached earlier this year and detailed personal information of several million American citizens was stolen by unknown hackers. These breaches are only the latest of a string of such attacks.

Furthermore, just because the largest companies are the most likely to make the news does not mean that smaller companies are safe. Hackers know that while large companies tend to control more data, small companies have less robust cyber-defenses, leaving them more vulnerable to organized attacks, regardless of whether they have VSAT internet or traditional business-class cable.

There are two main ways companies can make themselves less susceptible to breaches. The first is the soft approach: update security protocols. Many of the most recent breaches have happened not because the attackers overcame the target’s defenses through sheer power, but because they exploited the fact that the target had poor protocol. If workers neglect to change their passwords regularly, for example, an attacker can gain access to the network more easily. Keeping protocols governing password use, requiring proper identification before giving out usernames and passwords, and restricting which kinds of user accounts have permission to access various internal networks and resources can help seal off the company from attacks.

The other form is to simply increase the strength of the defenses the company has. Usually, this involves outsourcing information security to an outside firm. This aspect of information security is more difficult for the company to control, because it is hard to know how much computational resources an attacker might have or what techniques they would use to attempt a breach. In general, however, hackers try to avoid confronting such defenses head-on whenever possible. It is cheaper and easier for them to exploit weak protocols or flaws in vendor software rather than try to overcome defenses with direct attacks.

This problem is only going to become more important as the use of customer data becomes more popular. It is certainly true that big data is far too lucrative for the threat of a breach to dissuade companies from collecting data. However, it does mean that they need to be more careful of the possibility of hacking.

A good portion of preparing for hacks is the process of recovering from a hack. Each company that uses data needs to plan out what it needs to do to recover from a breach, just as it has a plan for a fire or storm. Attacks can and do happen, and it makes the fallout far worse if the company is not ready to respond. A nasty breach can sink an unprepared company because it loses customers’ trust.

Having a plan and a way to reassure customers that they are protected is crucial for responding to a hack after it takes place. That will become a necessary part of the business plan of any company that wants to use big data in the long run.