When some of the more prevalent technologies of today started picking up speed there were a few ramblings about data security and privacy, but one could argue that — as a society — we just weren’t ready. No one was really sure how to handle or tackle the challenges presented by this new wave of devices and platforms.
Today, these issues are on everyone’s mind. It seems like every day there’s another major data breach or cybersecurity attack. On the days there aren’t any news, we hear about privacy breaches and the official mishandling of data, Facebook and Cambridge Analytica serving as a perfect example.
The decision makers of the world have started to understand the true extent of damage these issues can cause, sparking a slew of new regulations and laws. GDPR was just the first of many to come. The CCPA or California Consumer Privacy Act is yet another.
Unfortunately, while these new enforcements are warranted and will certainly help, there are still a lot of things happening in the digital world, some more concerning than others. It begs the question, what are the most prominent issues we face today? What privacy and security problems should everyone be aware of?
1. Character Assassination Opportunities
Several events have merged to create a perfect storm of destruction if you will, capable of ruining the lives of many. There’s outrage culture, where groups of people react negatively en masse. Then, there’s the theft of private and sensitive information, as well as its sale in the open black market.
This presents a unique possibility where identity thieves and hackers can use personal information against us. Holding information at ransom is just one example of how this might play out. Ransomware is a common type of attack that locks down a system or device in exchange for monetary compensation. The same can be done with sensitive information, particularly data that could cause a stir if released to the public.
But the problem is that there’s really no telling how sensitive information can and will be used. Swatting, for example, is a dastardly attack carried out — often by younger attackers — where an address is provided to law enforcement and presented as a threat. The necessary authorities storm the property or home in question expecting to find weapons or worse, which is both dangerous and senseless. To carry out the act, one only need a home address which can be gleaned through a reverse IP search.
2. Social Engineering Attacks
A particularly effective hack combines digital attacks and social engagement for nefarious means. These kinds of attacks have always been common, but the problem is that in today’s society they have grown incredibly sophisticated.
Someone might reach out posing as an official company rep, for instance, with the intent to gather passwords, account info and even payment details. They validate their authority by providing sensitive details that, by all rights, only a business should technically have.
Except the information was gathered through various means, sometimes even during a data breach of a compromised system.
It’s more about social interactions — hence why it’s referred to as social engineering — but still relies on sensitive details, many of which are stored in a digital form.
In the years ahead, this type of attack and the events powering them will become incredibly effective. It will be difficult to discern legitimate contact with that of unscrupulous parties, especially for the common person. This is not just concerning, it’s also frightening. In addition, it will propel by the vulnerability, accessibility and compromise of various personal databases.
3. No Business Can Be Trusted
Regulations like GDPR and CCPA should, by all rights, ensure that organizations handle sensitive customer data and information appropriately. They even put measures in place to punish offenders who are not in compliance.
It’s a welcome change in the current landscape and helps to force companies to pay more attention to the information they have, and how it’s handled.
Unfortunately, however, there are still instances where companies are going to look out for their own best interests, damning everyone else. A 2016 attack that was carried out on Uber, for instance, resulted in the breach of over 57 million user profiles including information about email addresses, mobile numbers, names and more. The names and driver’s license numbers of over half a million Uber drivers were also compromised.
Rather than publicly disclose the breach and take action to protect those affected, Uber paid the hackers $100,000 to delete the data. Even worse, the company didn’t even share that it was attacked until over a year later. They were fined $148 million as a result.
Uber isn’t the first, and it won’t be the last. The key takeaway is that we cannot trust any organization to protect our sensitive data, no matter how many regulations are in place.
4. More Devices, More Channels, More Data
With the emergence of technologies such as IoT, mobile computing, cloud computing and much more it means that the total amount of data is also growing, exponentially. One could argue that the amount of information surrounding an individual is routinely growing as well, allowing for a near total picture when compiled.
IoT devices such as smart home cameras, smart doorbells, and smart assistants can provide hackers with plenty of extraneous information. One could discern, for instance, someone’s daily routine such as when they leave for work or when they arrive home.
This could also apply to when they go to sleep at night, what places they might visit, and what purchases they might make or stores they might enter. It doesn’t seem like it up front, but all of this information can be combined to build an accurate profile of the said person, at the least to carry out more targeted attacks.
What if a hacker could see when you aren’t home, gain entry to your house, — unbeknownst to you or any of your family — to steal belongings and valuables or plant something, like a hidden device. It’s a scary thought, but it’s something that could happen.
As more devices come online and collectively we — as a society — begin to use them, it generates more robust data, which in and of itself is more information to use against us.
Understanding Data Privacy and Security
Sadly, one of the best ways to protect ourselves is to simply not use the devices and platforms in question. The result is that sensitive and private information is not created, collected or passed on, therefore mitigating the risks. That’s not always possible, however, which means that understanding data privacy, in general, is necessary to thrive in today’s landscape.
Avoiding sites like Facebook or Amazon won’t necessarily keep you safe either. Sometimes these companies collect data regardless through a series of channels, or may acquire and store data sold to them through other providers.
Again, the best defense is to stay informed. Make sure you and your family understand the types of attacks and events that are happening, like social engineering attacks, and how to protect yourself.
In addition, keep an eye on those regulations and policies and how that might affect you and your data. GDPR, for example, forces all companies doing business with European citizens to offer a “right to forget” system that allows people to request and purge any and all data collected about them.
Doing this routinely can help prevent sensitive information from falling into the wrong hands.