This year has seen a rash of attacks on internet-connected databases containing huge amounts of information. Around 40,000 databases have been wiped around the world, with hundreds of terabytes (one terabyte is a thousand gigabytes) gone. The tally's probably even higher now, as attackers have scanned the internet to find open databases and there are hundreds of thousands of those around.
It's no clever hacking attempt, just taking advantage of the fact that the databases have been installed with zero consideration for security, such as having access controls and not letting every person and their dog in with full administrator rights.
Most of the attacks have been blackmail attempts.
"Your data's deleted, pay 1 bitcoin to get it back."
Except you're not going to get it back.
There's no evidence that the attackers spent the probably considerable time, or had the costly bandwidth and storage capacity, required to back up the data before deleting it.
Other deletions have been simple vandalism, or maybe a misguided attempt at convincing database administrators that they need to secure their systems.
Few organisations have been able to get their data back, and it seems nine out of 10 operators do not back up the information in the databases, security researchers noted.
The vulnerable database servers are found across a range of industries and scientific organisations.
Medical research institutions, marketing firms, schools and academia, financial and insurance companies, manufacturers and software developers are just some that have been hit.
As many of the victims ran the databases on their production systems, it's a safe bet to assume that quite a bit of important information has been lost, maybe forever.
That's bad enough, but if the databases were left open to anyone on the internet, was some sensitive personally identifiable data siphoned off quietly by bad people who should not have access to it?
I don't think anyone would be surprised if that has happened, too, and the privacy implications are scary.
From the above we can learn that data, big or small, is popular with all sorts of organisations and people who have no idea how to secure their systems, and that this is a global problem.
It's cool to be a data-driven organisation sifting through masses of info for insights, but keep it safe, please.
And back up often because the internet will punish the careless sooner rather than later.