This week’s SYN-of-the-week is GLUTTONY.
Gluttony is overindulging in digital assets and technologies, fueled by fear of missing out, thereby increasing the organization’s attack surface.

One of the most common forms of gluttony today is overconsumption of DATA.
It has been 17 years since Clive Humby made the famous claim, “data is the new oil”. https://en.wikipedia.org/wiki/Clive_Humby In the age of big data, companies have been collecting and analyzing data in all forms to make new predictions, find cures for diseases and analyze the behavior of employees. If there is data available to be analyzed, it can be used to solve a problem. Solving these kinds of problems usually requires a larger data set. But how much is too much?
Data is a valuable business asset, but collecting too much can be a liability. The more data you have, the more attractive your organization is to cyber criminals. Additionally, the more data you have, the harder it is to secure its confidentiality and integrity. How can you avoid excess?
The counterbalance to gluttony is MODERATION.
Moderation is the practice of taking what you need and avoiding excessive consumption. Related to data, moderate practices could include, for example:
- Know what data you have, and where it flows within the business. The FAIR framework provides a guide. https://www.go-fair.org/fair-principles/
- Only collect data that is necessary for your business operations. Many regulations like GDPR* require this. https://gdpr.eu/what-is-gdpr/
- Define retention periods and regularly purge old and unnecessary data via automation or defined processes.
* Fines for collecting more personal data than needed are among the most common. See this GDPR tracker and search by “Insufficient legal basis for data processing” to get an idea of what fines have been issued over the years: https://www.enforcementtracker.com.
#BSidesMunich, #SYNs
https://2023.bsidesmunich.org