ENISA warns of cyber risks for companies working with big data

January 31, 2016 |

The European Network and Information Security Agency (ENISA) in its report Big Data Threat Landscape and Good Practice Guide has signalled the need for companies who have big data systems to adopt a “the security-by-default principle” to properly safeguard their data and systems against security breaches.

The report stated:

  • big data applications can provide a dramatic increase in the efficiency and effectiveness of decision-making but brings with them  security risks.
  • big data systems are increasingly becoming attack targets by threat agents, and more and more elaborate and specialised attacks will be devised to exploit vulnerabilities and weaknesses.
  • the risks include the potential for data to be breached, leaked or degraded as a result of “..the high level of replication in Big Data storage and the frequency of outsourcing Big Data computations”.
  • the act of linking different data sets can also have “significant privacy and data protection impacts” because it can increase the effect that any data breach could have.
  • businesses involved across the world of big data, from owning the data to analytics specialists to the delivery of the computing and storage services necessary to glean insights from large volumes of data can lead to conflicting interests. This may create ” a complex ecosystem where security countermeasures must be carefully planned and executed”.
  • “good practices” to minimise the risks include the use of cryptography, access controls, pseudonymisation techniques and measures to protect against distributed denial of service attacks.

The contents of the report are as applicable for organisations working with big data in Australia.  Unfortunately the poor cyber protection culture makes the risk all the more real.

The report covers well trodden ground in the data protection field.  Big Data, or more particularly companies that operate in that space, is a particularly attractive prize for hackers as reported in Big Data Opportunities Need Big Data Security.

That is equally applicable for Internet Service Providers who are now required to retain 2 years of customers metadata for a minimum of 2 years.

One Response to “ENISA warns of cyber risks for companies working with big data”

  1. ENISA warns of cyber risks for companies working with big data | Australian Law Blogs

    […] ENISA warns of cyber risks for companies working with big data […]

Leave a Reply

Verified by MonsterInsights