Unmanaged data collection under fire

Amongst the key themes covered at the recent Connect 2014 event in Melbourne were the Internet of Things and machine-to-machine communications.

CSO Australia spoke with AVG's Michael McKinnon and Hacklabs' Chris Gatford about the data security and privacy issues these new trends present.

Play a game of buzzword bingo at any technology event this year and you're guaranteed to get a hit with the Internet of Things. While it's obvious that more and more end-point devices are being connected to the Internet, there are some deeper issues in play.

McKinnon, a security adviser with AVG, said he was surprised at how pervasive this degree of connectivity already is.

"One of the things that's become apparent to me is that it's a lot deeper than many people think," he said. "For example, traffic management systems. You drive down the highway and think 'I'm just driving my car'. But the reality is that running alongside that highway are fibre optic cables that are linking camera management systems, speed sensors in the road, number plate recognition, electronic signals and signs, and all these things connect back to central control rooms".

These vast volumes of data present some challenges to the security community. While any one data point on its own is not very valuable, the accumulation of huge amounts of data and their correlation with other information can provide a surprisingly detailed picture of our lives.

"One of the main issues remains the integration of the data. We've still got data that is siloed in separate locations. But what happens when some of these systems start to really converge? Inevitably we're going to see some challenges," McKinnon said.

There are many instances of data being collected for seemingly little reason.

Chris Gatford, a director and penetration tester with Hacklabs, said, "One of the things I'm really looking forward to is controlling some of the blatant data capture that seems completely irrelevant. My favourite bugbear is the capturing of drivers' license information when you go into the pubs and RSLs".

He highlighted that one of the challenges is behavioural. Many organisations have been collecting this data for a long time for no demonstrable business purpose. But, as they've been doing it for a long time, they don't yet see why this might be an issue.

"It's this mentality that is going to be hard to change," he added.

There's a mentality that says collecting data is a good idea just in case you need it, but McKinnon says that this is "contrary to any best practice privacy principle".

"One of the things coming out of the recent privacy reform is that companies need to be looking at all their web forms, everywhere that they're collecting information and they should only be collecting what is going to be used that will have a fundamental impact on an upcoming business decision," McKinnon explained.

McKinnon says that there's a need for a more detailed and granular discussion, as the specifics of the data being collected are often glossed over.

"For example, with the privacy reforms, there's now a schedule that outlines things like Centrelink customer reference numbers that are now declared by the government to be specific fields in your database that you are not allowed to keep unless you're a specific authorised entity," he said.


2 Comments

Bob Hobson

1

One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.

tim

2

If you're tired of the NSA or even Google - tracking your internet usage - go here:

www dot hidemyass dot com/vpn/r8832/

(swap the "dot" for " . " and type in the whole line)

It's an easy way to keep your web surfing secret.
