Date
21 November 2017
Big data has made it possible for companies to analyze trends and respond to them quickly but it has also exposed them to increased security risks. Photo: Internet

Beware the promise of big data

Big data refers to large pools of data that can be brought together and analysed to discern patterns and make better and faster decisions.

It drives change across different business sectors, enhancing productivity and creating significant value for the world economy.

Although big data presents opportunities and will generate future business leads, it raises an important question about security.

As technology has evolved, data is no longer stored only within a company, and the traditional firewall and other protection measures are no longer strong enough to protect it.

Data is portable and can be quickly transferred and replicated. There is no visibility into where the data is stored, who has access to it, how the information is used or how to protect it. These are threats to business users.

So, how do we minimize these risks?

News of data leakage is so common nowadays that it serves as a wake-up call for corporate boards and management to pay more attention to personal data privacy and to how data transfers across different borders are handled.

Amendments to the Personal Data (Privacy) Ordinance have provided a set of guidelines for organizations to comply with, forcing companies to pay more attention to data protection.

Within the next two years, big data analytics will impact most of the information security world, including network monitoring, user authentication and authorization, identity management, fraud detection, and governance, risk and compliance (GRC).

While these advancements will mean big things for the future of information security, integrating them into existing security programs will require organizations to rethink how information security programs are developed and executed.

Managing big data is like managing a business: you need the right tools and resources to capture all data types and analyse them and, most importantly, a flexible, scalable and secure infrastructure to cope with the challenges of big data.

Social networks, the new generation of smartphones, cloud and “bring your own device” (BYOD) enable customers to use and interact with firms whenever they want and from wherever they may be.

This is definitely cost-saving and convenient, but using a personal device limits the amount of control that can be applied, which can result in unintentional leakage of sensitive information from such devices.

Organizations need to understand how to integrate data assets and analytics into their products, services and business operations, and to spend their money wisely on a big data program. They should build a business case that defines their strategy, key priorities and requirements, and develop a roadmap for deploying solutions that increase security protection and productivity whilst minimizing costs, downtime and repetitive tasks.

A good framework must be highly structured yet flexible enough to adapt in real time as threats emerge. Chasing the latest tools may not be enough to battle cyber risks.

Many firms have a data privacy policy in place but when was the last update? More importantly, do employees know that there is a policy in place and where it can be retrieved?

As firms grow, the data they capture becomes more complicated and more difficult to manage, and it is important to change the mindsets of users on this issue.

Most senior managers and executives were not brought up using technology and may be more conservative and careful in handling data, but “Gen Y”, our future market leaders, are used to digital devices and to maximizing network opportunities through different social media platforms.

They are content generators who drive interaction, but they lack sensitivity in identifying what can or cannot be shared internally or externally, and to the brand and financial damage that sharing may bring to the organization.

With this in mind, organizations need to consider focusing more on people, through a less formal approach such as cyber war-gaming exercises that bring together different parts of the organization in real-life simulations, as well as insightful training videos or workshops that help them understand the organization’s security and privacy challenges and how to respond to cyber attacks should they occur.

Awareness training programs can educate users on security and privacy terminology and industry trends, and highlight the importance of information security policies and procedures in daily operations.

Training for IT managers should be considered throughout the system development life cycle to ensure the system is launched with proactive and preventive controls in place.

Big data will only grow and, in today’s environment, it is unrealistic to expect that defenses can prevent all cyber incidents. Although companies may undertake security audits to test the resilience of their systems, these provide only point-in-time security evaluations.

Different companies have different risk concerns. Well-defined security policies, standards and guidelines, together with regular security awareness training and regular monitoring, are therefore critical to maintaining effective data protection.

Learning from experience and sharing information both within and outside the organization will help companies develop capabilities for detecting incidents when they occur and minimize the impact on their business operations.


RA

Partner, Enterprise Risk Services, Deloitte
