Unmanaged data collection under fire

Amongst the key themes covered at the recent Connect 2014 event in Melbourne were the Internet of Things and machine-to-machine communications.

CSO Australia spoke with AVG's Michael McKinnon and Hacklabs' Chris Gatford about the data security and privacy issues these new trends present.

Play a game of buzzword bingo at any technology event this year and you're guaranteed to get a hit with the Internet of Things. While it's obvious that more and more end-point devices are being connected to the Internet, there are some deeper issues in play.

McKinnon, a security adviser with AVG, said he was surprised at how pervasive this degree of connectivity already is.

"One of the things that's become apparent to me is that it's a lot deeper than many people think," he said. "For example, traffic management systems. You drive down the highway and think 'I'm just driving my car'. But the reality is that running alongside that highway are fibre optic cables that are linking camera management systems, speed sensors in the road, number plate recognition, electronic signals and signs, and all these things connect back to central control rooms".

These vast volumes of data present some challenges to the security community. While any one data point on its own is not very valuable, the accumulation of huge amounts of data and their correlation with other information can provide a surprisingly detailed picture of our lives.

"One of the main issues remains the integration of the data. We've still got data that is siloed in separate locations. But what happens when some of these systems start to really converge? Inevitably we're going to see some challenges," McKinnon said.

There are many instances of data being collected for seemingly little reason.

Chris Gatford, a director and penetration tester with Hacklabs, said, "One of the things I'm really looking forward to is controlling some of the blatant data capture that seems completely irrelevant. My favourite bugbear is the capturing of drivers' license information when you go into the pubs and RSLs".

He highlighted that one of the challenges is behavioural. Many organisations have been collecting this data for a long time for no demonstrable business purpose. But, as they've been doing it for a long time, they don't yet see why this might be an issue.

"It's this mentality that is going to be hard to change," he added.

There's a mentality that says collecting data is a good idea just in case you need it but McKinnon says that this is "contrary to any best practice privacy principle".

"One of the things coming out of the recent privacy reform is that companies need to be looking at all their web forms, everywhere that they're collecting information and they should only be collecting what is going to be used that will have a fundamental impact on an upcoming business decision," McKinnon explained.

McKinnon says that there's a need for a more detailed and granular discussion, as the specifics of the data being collected are often glossed over.

"For example, with the privacy reforms, there's now a schedule that outlines things like Centrelink customer reference numbers that are now declared by the government to be specific fields in your database that you are not allowed to keep unless you're a specific authorised entity," he said.

Stories by Anthony Caruana
