Another Day, Another Data Breach: How the Collection of Data and Metadata Present Cybersecurity Risks


Amelia Estwick (Program Manager, National Cybersecurity Institute at Excelsior College)

Location: Grand Ballroom C

Date: Wednesday, May 2

Time: 2:00pm - 2:50pm

Pass Type: All Access, Conference

Format: Conference Session

Track: Data & Analytics

Conference Journey: Software Developer/Engineer

Audience: Intermediate

Vault Recording: TBD

Audience Level: Intermediate

According to IBM’s 12th Annual Data Breach Study, the global average cost of a data breach is $3.62 million US dollars. Although this amount is lower than the previous years, what has become increasingly evident is data breaches have increased in size and frequency. Why are data breaches occurring and what are the cybersecurity risks associated with mass amounts of data and metadata being collected?

According to a DXC.Technology data study, by 2020 over 35ZB (1 zettabyte = 1 billion terrabytes) of global data will be produced with a 1/3 of that data either live in or pass through the cloud. In addition, the pace of data production has been exacerbated by a large percentage of that data coming from mobile and IoT devices which also expands the cybersecurity threat landscape.

Given the advances in Big Data Analytics and Machine Learning (ML), the data and metadata collected present a treasure trove of information for big corporations to market products and gain a competitive edge in the marketplace. In addition, advances in Big Data Analytics and ML can also augment a security analyst’s ability to identify actionable security incidents from millions of security events being captured in an enterprise network.

However, on the flip side, collected data and metadata can also be lucrative in the black market when stolen and used for nefarious purposes. Take for example the enormous amount of data that was stolen in the recent Equifax hack; vulnerable databases with user data and metadata can be exploited to create profiles for mass spear-phishing emails, social engineering campaigns, identity theft, and other targeted attacks creating additional threat vectors and other cybersecurity risks. This presentation is going to discuss what some of those cybersecurity risks are and explore techniques to mitigate the risks.

Presentation File