Secure Thinking Bigger Data. Bigger risk?



Similar documents
A Study on Security and Privacy in Big Data Processing

IBM QRadar as a Service

The Cyber Threat Profiler

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

3 Marketing Security Risks. How to combat the threats to the security of your Marketing Database

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

I ve been breached! Now what?

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

MUNICIPAL WIRELESS NETWORK

Driving Company Security is Challenging. Centralized Management Makes it Simple.

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

Cloud Security checklist Are you really ready for Cloud

Cyber Security - What Would a Breach Really Mean for your Business?

It s time to fast forward to mobility

Establishing a Data-Centric Approach to Encryption

CYBER RISK SECURITY, NETWORK & PRIVACY

CyberArk Privileged Threat Analytics. Solution Brief

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

High Speed Internet - User Guide. Welcome to. your world.

CYBER SECURITY Audit, Test & Compliance

Teradata and Protegrity High-Value Protection for High-Value Data

Time better spent. Take your organisation somewhere new with Fujitsu Mobile Business Solutions. Reshaping ICT, Reshaping Business

Big Data solutions-paper

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Simplify Your Network Security with All-In-One Unified Threat Management

10 SMART MONEY FACTS YOU NEED TO KNOW ABOUT BUSINESS SECURITY

Beyond the Hype: Advanced Persistent Threats

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Cyber/ Network Security. FINEX Global

The Education Fellowship Finance Centralisation IT Security Strategy

Impact of Data Breaches

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Threat Intelligence Pty Ltd Specialist Security Training Catalogue

Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management

Cloud security architecture

Addressing Cyber Risk Building robust cyber governance

Assuring Application Security: Deploying Code that Keeps Data Safe

Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015

Fujitsu in Energy & Utilities

Zak Khan Director, Advanced Cyber Defence

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

Cloud Security Speak Glossary

Unit 3 Cyber security

External Supplier Control Requirements

How To Make Money From Your Desktop Virtualisation

Mobile Security Threats: Get Ready for 2016

Top five strategies for combating modern threats Is anti-virus dead?

Cyber Risk Management

Why cloud backup? Top 10 reasons

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

Internet threats: steps to security for your small business

Dispelling the vapor around Cloud Security

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

Connect and Protect: The Importance Of Security And Identity Access Management For Connected Devices

Clou com. An introduction to Cloud Computing

Table of Contents. Page 2/13

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

Symantec Managed Security Services The Power To Protect

Performanta Pty Ltd. Company Profile. May Trust. Practical. Performanta.

Room for improvement. Building confidence in data security. March 2015

A global infrastructure to safeguard your business_

Stay ahead of insiderthreats with predictive,intelligent security

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

A COMPLETE APPROACH TO SECURITY

How To Protect Your Data From Being Hacked

Cloud Computing. servers. Cloud is a phrase that resembles the sharing process. Basically Cloud

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Cyber Risks October

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Five reasons SecureData should manage your web application security

G-Cloud Definition of Services Security Penetration Testing

2012 Bit9 Cyber Security Research Report

/ WHITEPAPER / THE BIMODAL IT

Cloud Computing Security Considerations

DOBUS And SBL Cloud Services Brochure

Top tips for improved network security

Application Security in the Software Development Lifecycle

IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper

Website Security: A good practice guide

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service

SORTING OUT YOUR SIEM STRATEGY:

KEY STEPS FOLLOWING A DATA BREACH

archives: no longer fit for purpose?

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

How To Find Out What People Think About Hipaa Compliance

techuk Cloud 2020 Vision Keeping the UK at the forefront of cloud adoption

Think STRENGTH. Think Chubb. Cyber Insurance. Andrew Taylor. Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber

Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, :00PM EST

A practical guide to IT security

Information Security

Protecting Your Network Against Risky SSL Traffic ABSTRACT

THE GENIUS OF DATA: MAKING INTELLIGENT SECURITY A REALITY

Assessing the strength of your security operating model

COMBATING CYBER THREATS: A HOW TO FOR THE CISO.

Fasoo Data Security Framework

IMPROVE YOUR DATA MANAGEMENT

Internet Content Provider Safeguards Customer Networks and Services

Transcription:

Secure Thinking Bigger Data. Bigger risk? MALWARE HACKERS REPUTATION PROTECTION RISK THEFT

There has always been data. What is different now is the scale and speed of data growth. Every day we create 2.5 quintillion bytes of data and 90% of today s data was created in just the last two years. By the time you read this these figures will seem trivial. Despite the opportunity to use new forms of information to improve products or services to consumers and citizens, this rapid explosion in data brings clear risks. The costs associated with data losses particularly high profile or confidential information can be significant. Meanwhile, headlines about data security breaches often result in a dip in consumer confidence, erode share prices and can negatively impact the reputation of an organisation for many years. MALWARE Serious security breaches Between July 2011 and July 2012, the United Kingdom s National Health Service experienced several data breaches that exposed nearly 1.8 million patient records. A global payment processing company was hacked in June 2012, with over 1.5 million payment card details stolen. In the same year, 36 million was taken from more than 30,000 bank customers in what was dubbed the Eurograbber Attack. And perhaps most worryingly of all, according to the Check Point 2013 Security Report, 54% of organisations have experienced at least one potential data loss incident. N RISK PROTECTION The evidence suggests that the traditional security systems employed by enterprises designed to deal with smaller-scale, static data are no longer fit-for-purpose in the era of Big Data. As streaming data adds a new, mobile dimension to data collation, storage and retrieval, there is an even greater need for flexible, ultra-responsive security systems that can meet the Big Data risks each individual organisation faces.

Where is the risk coming from? Three key challenges stand out in the world of Big Data: ON MALWARE RISK REPUTATION 1 2 3 HACKERS Organisations are not prepared for current or future data security requirements. Old or out-dated security tools not only fail to protect one of the most valuable assets but also present their own challenges in terms of IT management. Recent lack of investment in security systems due to economic conditions, a lack of foresight or inertia has meant many organisations will need to modernise rapidly to catch up. There are now greater threats and more opportunities for invasion of privacy. This is particularly important for organisations, from Local Government to Finance, that rely on confidentiality to deliver highquality services. As increasing numbers of companies make a business out of mining information about individuals and their technology becomes ever more intelligent, protecting databases becomes an ongoing challenge. The greater the volume of data collected, the greater the opportunity for security breaches. The amount of corporate information stored in datacentres, servers, PCs and mobile phones is growing at an exponential rate and with so many more platforms there are now multiple entry points for a cyber attack. Far from getting shorter, the list of security threats is growing and with increasing sophistication. THEFT» Hackers techniques are constantly changing. As these nefarious assaults become more advanced and sophisticated, security challenges are raised to new heights.«check Point Security Report,2013

What is the risk in my market? The risks associated with Big Data impact every sector, every type of organisation and every element of the IT infrastructure. In Financial Services, for example, firms have always collected vast amounts of market and customer data. However, with new compliance legislation and increasing sources of information, firms need to modernise systems and improve data tracking to ensure the security of large, complex datasets. Much of this must be addressed at the application layer a field in which few firms have the requisite expertise. For telecommunications and media companies, consumer confidence is everything. The bundling of broadband, mobile, internet and cable TV is leading consumers to the cloud. With cloud computing and virtual storage comes the need for better management of third party datacentre hosts. Case in point The impact of not protecting consumer data while it resides in storage systems was demonstrated by the hacking of 77 million Sony Playstation accounts in 2011. Sony said at the time that it lost millions, while its online gaming site was down for over a month while the company tried to recover its reputation. In Utilities, the big challenge is protecting data on the move. An increasingly mobile workforce is spending less time in the office, making it essential that the applications used in the field are impenetrable if devices are lost or stolen. For manufacturers, the availability of low-cost data storage has opened up new holes in operational security. The vast amount of data used in design and engineering processes has facilitated the recent switch to tools such as auto-tiering. These tools do not track where data is stored, making it harder to identify if information has gone missing and affecting competitiveness. Meanwhile, retailers are at risk of breaching privacy laws despite recognising the benefits Big Data can bring to their business. One estimate puts the potential increase in operating margin of the full use of Big Data at 60% 1. However, unprotected data can have an even bigger impact on revenue if, as in the case of TK Maxx in 2006, the details of millions of customer credit card are hacked. The public sector is not immune either. In the UK, the Government has already identified the need to raise the bar in IT security following high profile breaches. Case in point Fujitsu manages IT security for one of the UK s largest government departments. As more people use its online services, this area put the wider organisation at risk. Cyber threats occur daily, so Fujitsu s approach is to provide a layered, end-to-end security service that focuses on operational risk. The team advises on existing security needs and emerging threats from new developments such as G-Cloud. Using specialist technology partners, Fujitsu manages a security system that has become a business-enabler balancing the cost of protection against the cost of an attack. 1 http://www.mckinsey.com/insights/business_technology/big_data_the_next_frontier_for_innovation

What is the technical risk? Fujitsu and other vendors have identified the top five Big Data Vulnerability Classes. These highlight the technical challenges facing IT departments across the public and private sectors. Importantly, these five areas indicate that organisations must focus on multiple areas of the IT infrastructure not just data storage or data inputting via devices. Top 5 Big Data Vulnerability Classes 2 : 1. Unsecure computation Unprotected computer programmes can offer hackers a route into accessing sensitive data, such as personal profiles or credit card details. They can also directly impact the data, corrupting mission-critical information or invoke a Denial of Service, leading to significant financial losses by blocking access to products. 2. Input validation / data filtering Big Data is collected from an increasing number of sources and this presents organisations with two challenges: 1. Input validation: Is the data from a trustworthy source and what are the sources of untrusted data? 2. Data filtering: How can the organisation filter out rogue or malicious data? 3. Granular access control Existing solutions for Big Data are designed for high performance and scalability with little concern for security. While traditional relational databases had comprehensive security features - in terms of access control many Big Data solutions have not evolved to these standards. 4. Privacy preserving data mining and analytics Big Data is typically stored at various nodes. Encryption, authorisation and authentication at each node require multi-layered security protocols. Auto-tiering or partitioning can reduce the costs associated with Big Data storage but queries of distributed data will require multiple entry points in a database, opening up new routes of attack. 5. Privacy preserving data mining and analytics Using Big Data to its full capacity generally involves data mining and analytics capabilities. As soon as this data is offered up for analysis, the anonymity of the data - and potentially its source(s) - is immediately comprised. When AOL released anonymised search logs for academic purposes users were easily identified by researchers. Netflix faced a similar problem when users of their anonymised data set were identified by correlating their Netflix movie scores with IMDb scores. 2 Source: Expanded Top Ten Big Data Security and Privacy Challenges, Cloud Security Alliance, April 2013

So how do I minimise my risk? The bigger risks associated with Big Data require a new way of thinking. Instead of relying on previous protocols or technologies, organisations must face up to the reality of a flexible, multi-layered and ongoing approach to IT security. There are big benefits to this approach. By analysing every aspect of Big Data, organisations will be empowered to only protect what they need to. Some systems will remain secure, some will not. Without investigating the impact of Big Data across the organisation there will always be the threat of attack. With the ability to track, compartmentalise and evaluate everything from online purchases to the latest Twitter trending topics, Big Data offers massive opportunities for real-time intelligence through analytics and can optimise decision-making. That is why it is important to look at every layer of the organisation s Big Data solution, not just the entry or storage points. The most effective form of IT security is that which is adaptive to every layer of the IT environment. Perhaps most important of all, recognising that standing still is no longer an option requires a change of mind-set. Once this has been achieved organisations can set about utilising technology that will actually keep pace with changes to risks in Big Data. Understanding that the cyber war should be fought on many battlegrounds and that threats are ongoing and relentless means organisations will be better placed to deal with them. Contact us on: Tel: +44 (0) 870 242 7998 Email: askfujitsu@uk.fujitsu.com Web: uk.fujitsu.com Ref: 3459. Copyright Fujitsu Services Ltd 2011. All rights reserved. No part of this document may be reproduced, stored or transmitted in any form without prior written permission of Fujitsu Services Ltd. Fujitsu Services Ltd endeavours to ensure that the information in this document is correct and fairly stated, but does not accept liability for any errors or omissions.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information