During the past 10 years, data breaches have become more frequent than ever. Large volumes of personal and corporate data are being leaked via these breaches. The corporate responses to these breaches, as well as the remediation of these breaches, are often not sufficient. Similar to how production companies should be taken to task for polluting the physical environment due to bad business practices, IT institutions should be made aware of their contribution to cyber pollution. In our article we define the concept of cyber pollution as unmaintained or obsolete devices connected to the internet and corporate networks. This paper breaks down the current state of data breach disclosures within Europe by providing statistics on large-scale data breach disclosures from 2013 to 2016. This paper attempts to model the increase of threat exposure over time, similar to that of pollution breaches within the physical environment. Over time, small openings or vulnerabilities within systems can lead to exploitation of whole systems. By modelling these breaches as pollution, we aim to make the concept of cyber pollution more tangible for IT managers to relay to staff and upper management. The model is validated using anonymised corporate network traffic and open source penetration testing software.
Reference:
Burke, I.D. and Van Heerden, R.P. 2017. Treating personal data like digital pollution. 16th European Conference on Cyber Warfare and Security, 29-30 June 2017, Dublin, Ireland
Burke, I. D., & Van Heerden, R. P. (2017). Treating personal data like digital pollution. http://hdl.handle.net/10204/9593
Burke, Ivan D, and Renier P Van Heerden. "Treating personal data like digital pollution." (2017): http://hdl.handle.net/10204/9593
Burke ID, Van Heerden RP, Treating personal data like digital pollution; 2017. http://hdl.handle.net/10204/9593 .