Cybersecurity and the Diversity of Data

Diversity of Data

by Charles Parker, II

I’ve said many times data is the new gold. This may be used/sold many times and cut for the purchaser’s

needs. Another aspect which makes this attractive to attackers is diversity. If a company has more than

one type of data, there are more targets of different types which could be liberated from the company

and sold or ransomed. For example, they may be industrial data with schematics and product design.

This would certainly be a crown jewel to seek. Couple this data warehouse with another data set (e.g.,

consumer data) and there are more targets.

This is notable as Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand

experienced a breach. This was confirmed on December 22, 2023. In this case, the company is assessing

the extent of the breach. What is known however is an estimated 100GB of data were stolen by the

infamous Akira ransomware group.

While this is troubling, there are lessons to learn from this to assist others in not making the same

oversight. With each set of data, a security check should be done. The data could be held in different

locations or platforms. Each of these should be reviewed for vulnerabilities. The greater likelihood is

these are not co-located and may present unique vulnerabilities on their own.

About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.