Yeah, we have all that hype about BIG data, and the one thing about BIG data is that a breach of BIG data is always BIG, or let's say staggeringly BIG, unbelievably BIG (and so always worth the time, investments and resources that the attackers have used to attain their goal). They are always worth the attacker's investment because you will always win statistically. Say that only 2% fall for your phishing campaign. Well, if you have to invest a million to get to that banking data, then a database of 1000 people or 100.000 wouldn't be worth the money. The chances that you will lose are still enormous. But if you obtain a database of 70 million people, then even two percent will give you so many leads that you would be rich if you know how to use it (or you can sell it to people who have the knowledge and infrastructure to do so).
So big data is not about bigger risks but about ENORMOUS risks. It is not just adding data and so adding risks, but accumulating risk by exponentially increasing the risks and the impact of the loss. In fact there is no way to calculate the risk and the possible consequences.
Take for example this phrase in the legal document JP Morgan had to publish in the US:
"JPMorgan Chase customers are not liable for unauthorized transactions on their account that they promptly alert the Firm to"
http://www.sec.gov/Archives/edgar/data/19617/000119312514362173/d799478d8k.htm
So how would you calculate the risk? If you have set a second verification of every transfer above 100 dollars and that happens with x number of people, you have a certain amount for each transfer - except if you review that process now immediately and lower the limit not only for each transaction but also for subsequent transactions.
The second risk is how you would calculate the investment in handling all these complaints. Imagine that you now have 10.000 calls a day. Well, how much would your investment be to handle 100.000 calls a day, and how much would you have to invest in your backoffice operation to keep it running?
And we could go on. How many people would now limit their online transactions and prefer to go to the bank or the ATM, increasing the cost of personnel and maintenance of these installations? How many people would leave your bank? How many other new or typical attacks would you now face every day because the whole world knows that you have left some stupid vulnerabilities open for months on your websites?
Because all that big data was breached by
'a few stupid vulnerabilities on some websites and a password of an employee with administrative rights (if the articles were right)'
That is the result if you don't invest in double authentication, vulnerability defense, patching and security monitoring.
Oh, you say you already invest millions - yes, but these millions didn't cover your risks of BIG data.
This is why BIG data is not so interesting ... especially when linked to the FrontOffice.
If you want to use big data, do it somewhere well protected in the backoffice and so on.
Oh yes, all that writing that it is only contact details and that there is no problem because of it doesn't understand that the information is perfect for launching a phishing campaign (between 2 and 10% of the people contacted fall for it).