Is Big Data About to Get a Bad Name?

RSS

Before the reputations of Big Data and, by extension, analytics begin to take hits as a result of sinister events, it makes sense to strengthen our knowledge of their positive impacts. These impacts extend more and more into the realm of risk management.

The news lately has been dominated by security breaches at the highest levels of government, leading many to question whether Big Data has in fact gotten too big. As our organizations’ and our industries’ reliance on data increases, so too does our companies’ and industries’ vulnerability to data-related risks. Look at any survey of executive/board risk concerns these days and you’ll see data protection/privacy perched atop the list.

LRN’s 2013 “Ethics & Compliance Alliance Risk Forecast Report” indicates that ethics and compliance professionals identify data privacy as their top risk; “electronic data protection” placed third. The Unisys Security Index, which is based on survey responses from 11,000-plus global citizens, indicates that two-thirds of U.S. residents are “seriously concerned about a data breach involving banks or other financial institutions.”

There are sound reasons for these concerns. The number of cyber-attacks on critical U.S. infrastructure increased 21-fold from 2009 to 2012, according to the U.S. Department of Homeland Security. “These included the penetration of 23 oil and natural gas pipeline operators and six attacks on nuclear power plants,” writes John Seabrook in the New Yorker (May 20, 2013). “Last year, hackers also broke into an unclassified network in the White House military office. In all these cases, the intruders seemed more interested in snooping than in sabotage, though they could return, with more sinister intentions.” Seabrook also reports that nearly 50 large U.S. banks suffered cyber-attacks in late 2012.

Before the reputations of Big Data and, by extension, analytics begin to take hits as a result of sinister events, it makes sense to strengthen our knowledge of their positive impacts. These impacts extend more and more into the realm of risk management.

For decades, proponents of continuous auditing (and, more recently, continuous monitoring) have made the case for the ways in which analytic engines can strengthen internal audit’s reach and accuracy by churning through all transactions with a particular business cycle or process. This is a vast improvement over the traditional process of applying highly manual scrutiny to select populations of transactional data.

Similar technology, and the same principle, can help bolster other forms of risk management, notes Craig Sanders, president of Enfathom, the business intelligence and analytics solutions division of global consulting company North Highland. “With strong data discovery reporting tools and visualization capabilities like link analytics, users can point to the presence of risk behaviors without having to go through coding exercises,” Sanders explains. “The analysis becomes a point-and-click effort.”

In most cases, the effort is well worth the investment. Keep this in mind as we surf on the cusp of potentially major data-security issues (which, no doubt, will be followed by sweeping new data-security regulatory compliance requirements).

Discuss this Blog Entry 0

Post new comment
or to use your Business Finance ID
What's Full Disclosure?

GRC expert Eric Krell supplies the Business Finance community in-depth articles and commentary examining governance, risk, and compliance.

Blog Archive