Cybersecurity and the Diversity of Data
Diversity of Data
by Charles Parker, II
I’ve said many times data is the new gold. This may be used/sold many times and cut for the purchaser’s
needs. Another aspect which makes this attractive to attackers is diversity. If a company has more than
one type of data, there are more targets of different types which could be liberated from the company
and sold or ransomed. For example, they may be industrial data with schematics and product design.
This would certainly be a crown jewel to seek. Couple this data warehouse with another data set (e.g.,
consumer data) and there are more targets.
This is notable as Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand
experienced a breach. This was confirmed on December 22, 2023. In this case, the company is assessing
the extent of the breach. What is known however is an estimated 100GB of data were stolen by the
infamous Akira ransomware group.
While this is troubling, there are lessons to learn from this to assist others in not making the same
oversight. With each set of data, a security check should be done. The data could be held in different
locations or platforms. Each of these should be reviewed for vulnerabilities. The greater likelihood is
these are not co-located and may present unique vulnerabilities on their own.
About the Author
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
Comments