It has never been more important that companies handle their Big Data applications effectively. A new report from Swiss cybersecurity firm BinaryEdge suggests that poorly configured applications using Big Data could be leaking more than one petabyte of sensitive data. This is worrying, because a large amount of this leaked data could be accessed without authentication.
This report also revealed that almost 9000 ElasticSearch servers were easily detectable, due to the fact that they were either the 1.4.3. version or older, meaning that they were vulnerable to potential attacks by cyber criminals. This is a huge problem – if older versions of servers aren’t updated regularly any data on that system is vulnerable, and further – the server itself can actually be compromised. One of the main reasons for this vulnerability is that companies aren’t yet completely familiar with these technologies, meaning a lapse in security is almost inevitable.
It is concerning that small companies are vulnerable in regards to their data and servers becoming compromised: insecure servers have been found across the top 500 companies (in terms of size), as well as in smaller ones. Unfortunately, this problem doesn’t appear to be improving. Jason du Preez, the chief executive of Privita, has suggested that ,it is becoming easier and easier for potential attackers to gain access to vulnerable and sensitive data as a result of significant computing power becoming more affordable and easy to obtain.
Even though developers and data scientists are working on tools for algorithm and analytics development in order to help with Big Data issues, this may not necessarily solve the whole problem. More often than not when developing such tools, companies tend to overlook information security concerns. Du Preez suggests that there is no excuse for companies of any size to overlook such an important element, claiming that, “organisations should be… taking a privacy-by-default approach to data management.”
One of the main reasons that companies are overlooking data security when developing new applications is that they are in such a rush to release apps in order to gain revenue. However, all it takes is for the wrong person to gain access to just one small piece of vulnerable information before catastrophic results entail. These will be dependent on how reliant the company is on the data for the business to function as usual. However, Catalin Casoi, Bitdefender’s chief security strategist, emphasises how important it is to “protect sensitive data end-to-end, through proper encryption.”
Companies should be in less of a rush to gain a return from their app investments and have more concern about how easy it may be for attackers to access sensitive data on the internet without even the need of a password. Big Data security should not be an afterthought.
[Photo Credit: Kris Krug]