The European Network and Information Security Agency (ENISA) urged companies to embrace "the security-by-default principle" to better safeguard data and systems against privacy and security risks.
"Big data applications can provide a dramatic increase in the efficiency and effectiveness of decision-making in complex organisations and communities," ENISA said in its report. "It is expected that it will constitute an important part of a thriving data-driven economy, with applications ranging from science and business to military and intelligence. However, besides its benefits or in some cases because of them, big data also bears a number of security risks."
"Big data systems are increasingly becoming attack targets by threat agents, and more and more elaborate and specialised attacks will be devised to exploit vulnerabilities and weaknesses," it said.
Among the risks ENISA said were relevant to the use of big data is the potential for data to be breached, leaked or degraded as a result of "the high level of replication in Big Data storage and the frequency of outsourcing Big Data computations". It said that the act of linking different data sets can also have "significant privacy and data protection impacts" because it can increase the effect that any data breach could have.
In addition, ENISA warned that businesses involved across the world of big data, from the companies that own the data to analytics specialists and the businesses that deliver the computing and storage services necessary to glean insights from large volumes of data, might have conflicting interests. This, it said, "creates a complex ecosystem where security countermeasures must be carefully planned and executed".
The ENISA report identified a number of "good practices" that organisations can adopt to minimise the risks present in using big data tools, and flagged "gaps" in those practices that those organisations need to be aware of. The use of cryptography, access controls, pseudonymisation techniques and measures to protect against distributed denial-of-service attacks were among the good practices identified in the report.