Big Data – what is it and the security issue associated with it

big data security

When I first heard of the word big data, I always thought that it is some technical jargon and it’s a totally different thing from “data” that I have known for so long. But I was wrong.

What is big data?

So, what is big data? It’s easy, nothing fancy, big data basically means a lot of data. The amount is so big up to the point where it can be used for analysis to bring out a lot of information. 

How is it being used?

People are already well aware of the power of big data, and some companies even use data as their main source of income. For example, many companies are now using data to understand who their customer is and how should they target them.

Companies are also using big data to improve their operation and save costs. Take machine maintenance for example; the company can predict what will break down and take necessary steps to prevent it from happening so that downtime can be minimized. Other than that, the government starts to use big data to help improve healthcare and public health as well. 

Data vs big data

Now although both “big data” and “data” are data (yes, a mouthful I know), but the way of handling both of them is different. Usually, data is not difficult to handle and can be done using excel or a common data management tool. Handling big data however will be much different. Due to the sheer amount of data available, many problems will associate with this data. 

The problem that will associates with big data

With big data, comes big security concerns. As with every cyber-related thing, cybersecurity can become a concern. Below are a few. 

Data access

Newcomers to big data will tend to overlook the security part, which might result in them not using sufficient access control and in turn, an unauthorized person can access the data. 

Inaccurate data

Due to the reason that unauthorized persons can access it, they can change the data as well. This will cause the data to be inaccurate. Inaccurate data will be as good as not having data because the result will be inaccurate and pointless.

Insufficient cloud security

Of course one can save all the data they obtained on-premise, but big data is, well, big, so it is irrational to save everything physically. So, for that, the cloud will be the solution. However, cloud security is also something people undervalue. So once the cloud security breached, the hackers will obtain all the data. 

Privacy issue

With data being exposed, there comes a privacy issue. Like the recent case happened in Malaysia, Malaysia Communications and Multimedia Commission (MCMC) end contract with a company that was supposed to handle the data submitted by all Telco companies in Malaysia and somehow leaked it and now, if found guilty, will be facing heavy consequences from Malaysia Government. The privacy issue is not something to play with and therefore, should be taken seriously.

Solution

Well from my understanding of the problem, the solution I can think of is Blockchain. Here is an article for you to understand what blockchain is. All and all, blockchain will help make sure that the big data stored are safe and unable to alter, which immediately solves a few of the security issues mentioned above. However, of course, the security that is related to the endpoint will need to depend on the cybersecurity awareness of the user. 

Final Verdict

Big data is already in full force, and many companies and governments are using it to improve their business and also their service. Equipping the knowledge of big data is for sure beneficial. The same goes for knowledge on how to protect big data. Big data security will be something important now. 

Two-Factor Authentication – Does It Help?

2FA - Two Factor Authentication

I guess many will agree that only having a password to protect our account is not safe. Of course, I am not encouraging people to simply set a password. But my point is, there is a high chance someone will get their hands on your password and immediately they can log in to your account with that one single password. Besides, many of us use the same password for most of our accounts, right?

So, there comes 2-factor authentication. What is 2-factor authentication (2FA)? 2-factor authentications is a 2 steps authentication where the person who logs in will need to provide 2 evidence to prove that they are the rightful owner of the account.

The reason to do so is that, as mentioned above, the password itself is not safe anymore. Password is already something hacker can easily get their hands on. So to prevent things like this from happening, 2FA aims will require another verification, usually through something more personal like SMS or phone call, to verify.

How does 2FA work?

Usually, everything will start with a password, then when the password is correct, the system will prompt for a 2nd authentication method for you to choose from. The image below shows how usually the system prompt for 2nd authentication.

types of 2FA two-factor authentication available

There is various type of 2FA available, and usually, users get to choose which one they prefer. A phone call, SMS, email, App are some of the options available.

Does it really help?

To some extent, yes. But if the hacker really wants to get the information that you have, they can still forcefully bypass your 2FA to access your account. But that is very unlikely for a mere mortal like you and me because the hacker will usually look for easy targets, as people with “password” as their password.

Final Verdict

So yeah, signing up 2FA is a wise choice. It won’t stop but at least it will make the hacker life harder which in turn, will turn them away from hacking your account. Still, we should always count on ourselves to protect our account. Steps, like not using the same password for every account (password manager can help on this), create a strong password, update our app or device regularly, make sure the cybersecurity awareness level is high for all system users, are still very relevant. After all, the hacker is not someone we want to play with.

Cybersecurity Expert – How Much Do They Earn?

cyber security job


As mentioned in many posts that I have written before, cyber security is yet to get the attention they deserve. However, the good thing is that many companies that understand the importance of cyber security are willing to spend money to employed and encourage the building of awareness for cybersecurity.

Isreal Cybersecurity focus

Take Isreal for example, a YouTube video by Vice on HBO show that Isreal is taking cybersecurity seriously and are already on their way to becoming a global leader in cybersecurity. The Prime Minister of Isreal understands the importance of cybersecurity and therefore, in 2015, he set a goal to put Isreal as the top 5 cybersecurity power in the world, and in 2017, he achieved it. 

What does this mean?

This case study shows us something that for those who understand the importance of cybersecurity, they are willing to spend good money to make sure this part is taken care of.

For that reason, it is safe to say that cybersecurity itself will sooner or later become a good business for businessperson or jobseeker. Today, we are going to look into the part of the cybersecurity job (let’s leave the business part for the next post).

Top 5 highest paying cybersecurity role

Application Security Expert

By reading the job description, this role mostly covers the security risk of the application by the company and depends on seniority, many other aspects need to take into consideration other than security. i.e. like how the security features will affect the usability of the application. Common skills required by this role are as below;

  • DevOps/DevSecOps
  • Java, C# or any required programming language
  • Common cybersecurity knowledge
Application Security job from jobstreet.com.my as of 8th Oct 2019

Director of Information Security

With such a title, one must expect to take up the responsibility of making sure that the company’s information is secured. Managing a team of security experts will also be part of the job for this role. Common skills required are as below;

  • Management skills
  • Knowledge of cybersecurity
  • Sensitive toward the latest threats and cybersecurity news
Information security director job from Jobstreet.com.my as of 8th Oct 2019

Security consultant

Collaboration is the key. This role requires the candidate to make a decision with security in mind, but at the same time, make sure the collaboration between each stakeholder is being considered. Common skills required are as below;

  • Critical thinking
  • CISSP, CRISC, CISA, GSEC, GCCC
  • DevSecOps
security consultant job from indeeed.com.my as of 8th Oct 2019

Cloud Engineer

As the title suggests, this role will require the candidate to take care of the cloud. Although it covers mostly everything related to cloud, security is the priority when making a decision in this role. The common skills required for the role will be as below;

  • Cloud IAAS
  • SIEM Solution
  • DNS protection
  • End Point protection Solution
Cloud security job from Jobstreet.com.my as of 8th Oct 2019

Pentester

Penetration testing expert (PenTester) is someone who conducts ethical hacking to their company system. The purpose is to find out the vulnerability of the system before hackers did. The common skills required are as below;

  • Certified Penetration Testing Professional
  • CREST
  • OSCP
  • Python
  • C, C++
Pentester job from jobstreet.com.my as of 8th Oct 2019

Final Verdict

There is an endless possibility when it comes to cybersecurity-related role. And we can only assume that it will get more in demand when even more people aware about the importance of cybersecurity.

Even as of now, there is a shortage of cybersecurity experts which might potentially cost companies hundreds of millions of dollars. So, now is a good time to equip the knowledge of cybersecurity. Visit Info Trek cybersecurity page now for more information. 

Cyber Insurance – Do we need it yet?

calculator, pen, and calculative sheets. Cyber Insurance is something people need nowadays

Cyber Insurance is something I believe many will miss out on when they first set their digital footprint. I might not be that important last time, but the story is different for now. 

Every single day, we can see stories of cyber-attack happening. all of these attacks highlight to us that it is relatively easy to get hacked nowadays, and those reported are big cases, what about small cases that didn’t make it ways to the news?

Consider this single reason, it seems like an organization needs to buy cyber insurance. And how to do that? Well before I go any further, let’s make sure everyone has a clear understanding of what cyber insurance. 

Continue reading “Cyber Insurance – Do we need it yet?”

Not all hackers are bad: Different between White Hat and Black Hat Hacker and who is Gray Hat?

not all hackers are not all bad.

When we think of the word “Hacker” what do we associate with? I believe 90% of non-technical people will think of a hacker as someone that is up to no good and often do illegal stuff, like hacking our computer. 

Well, my mission here today is to save the hacker’s reputation (at least those good one). Because believe it or not, there are 2 types of hackers available in this world, one good and one bad. The bad one is what people generally think about when they come in contact with the word “hacker”. In the technical world, we call it Black Hat.

The good one, who we call White Hat, are those who do hacking for the good, and with permission. And there is another bonus one, that stuck in the middle of good and bad, we call it Gray Hat. Let me share with you one by one, what each of them does.

Continue reading “Not all hackers are bad: Different between White Hat and Black Hat Hacker and who is Gray Hat?”