Big data refers to the huge and ever-growing volume of data organizations mine to uncover opportunities for building deeper customer relationships and developing new strategies for growth. Gartner describes big data as having “volume” (the amount of data), “velocity” (the speed at which data flows into the organization) and “variety” (structured and unstructured). Big data can uncover big opportunities for an organization, but it can also provide a big target for cyber criminals.
Data breaches such as the hack of the U.S. Office of Personnel Management that compromised the files of tens of millions of federal employees demonstrate this risk of holding high volumes of data in a manner that does not match its sensitivity. The cost of repairing the damage, and the cost to an organization’s reputation, are too high to ignore.
Understand the Surface Area of Your Data
In addition to the rapid proliferation of data, the number of digital devices connected to the global IP network has increased the surface area of risk organizations have exposed to potential hackers. This has ushered us into the current state of heightened cyber security requirements, best summed up by former CEO of Cisco John Chambers: “There are two types of companies: those that have been hacked, and those who don't know they have been hacked.”
According to a recent Cisco analysis, mobile data traffic has grown 18-fold over the past five years. Almost half a billion mobile devices were added in 2016 alone. In addition, 325 million wearable devices were reported worldwide. This wouldn’t appear to be a concern until you consider that 11 million of these new wearables have embedded cellular connections. The ubiquity of personal devices has made their usage, and their vulnerabilities, a new part of the modern workplace.
Each employee increases the amount of data an organization must protect. Each device an employee uses to access that data represents a chink in the armor which attackers can compromise.
Big Data Requires Decision Making
Just because it’s easy to collect data about every aspect of your business doesn’t mean we should. Pending European Union privacy rules as well as watchful regulators and private lawyers in the U.S., make the indiscriminate collection of customer data risky both in terms of potential regulatory violations and the inevitable fallout from data breaches. In response, strengthening cyber security has been prioritized by both the current and previous White House administrations.
Thus, organizations must learn how to discriminate between data that is business critical and that which is not. What meets the standard of “critical” must then be subject to rigorous security measures that are consistently updated to counter emerging threats. Strategies for maintaining or purging data classified as non-essential should be developed. With these strategies and safeguards in place, the surface area of critical data can be significantly reduced, allowing for concentrated security measures to be applied where they’re most needed.
With this new found clarity, the real work begins – enforcing companywide rules of conduct to ensure every employee knows the value and potential liabilities associated with the data they generate and use every day.