In the current era, everything is getting connected: mobile phones talk to smart televisions and air conditioners, sensors monitor your health and fitness levels, smart home systems listen and act on your voice commands, and personal assistants like “Google Assistant”, “Siri” or “Alexa” respond to your instructions. This is made possible by prominent technology innovations such as cloud computing, smartphones, the Internet of Things and various social media platforms, which offer many features that let people share more and more personal information. As per a recent study, by 2020 there will be 20.4 billion connected devices, and the number may go even higher. These technological advancements are generating unprecedented volumes of data streams, which challenge the privacy and safety of personal and corporate data/information.
The new mantra, as the saying goes, is “Data is currency”: data or information is gaining prominence and helping mankind make more objective decisions backed by facts and figures. In addition, technologies like Big Data, Machine Learning and Artificial Intelligence help process this data quickly and derive meaningful aggregations and inferences from it, speeding up the decision-making process.
As prominent professionals have said:
“Personal data is the new oil of the internet and the new currency of the digital world” – Meglena Kuneva
“It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals, etc. to create a valuable entity that drives profitable activity; so, data must be broken down, analyzed for it to have value.” – Clive Humby
As the saying goes, there are “two sides of the same coin”. On one side, data/information is used to make constructive decisions for business advancement and personal convenience; on the other, hackers see opportunities to use the same data/information as a new medium of ransom. In recent times we’ve seen many breaches reported, and most of this information is available on the Darknet at a reasonable price for various stakeholders to misuse for personal gain.
In addition, with increased regulation from state actors (like GDPR, California data protection law, HIPAA, the Personal Information Protection and Electronic Documents Act etc.), safeguarding sensitive personally identifiable information or personally identifiable information (SPII / PII) has become a prime challenge for many organizations, given the varied facets of threats in the market. Companies have in the past been subjected to legal prosecution and ended up paying huge fines for not complying with these standards.
In the current context, copies of the same confidential/sensitive data are spread across an organization and sit in various places (databases, cloud platforms, collaboration tools, file systems, endpoints, e-mails etc.), so it is getting very challenging for security professionals, security architects and security engineers to come up with a single solution that addresses all security gaps at various levels. Increasingly, the lack of basic controls, such as data/information not being appropriately classified and employees not being sufficiently aware of how to handle various types of data/information, makes it even more challenging for security professionals to safeguard data/information.
In this ever-changing era, it’s a challenge for security professionals to keep up with the pace of offerings in security services. It’s a race between convenience and cybersecurity. One thing that remains prominent and consistent for security professionals is to stick to the basics. As the saying goes, “You can only protect if you know what you have to protect”.
At an organisational level, the first step is for an organisation to identify its information assets; having a baseline helps in knowing the width and depth of what has to be protected. Once this is determined, work with the various stakeholders to design controls that help achieve the security business objectives.
In a similar vein, at a personal level, individuals have to maintain a level of hygiene about the extent to which they want to be in the public domain. As we all know, once information about you is in the public domain, whether it is true or false, it’s very difficult to change the status quo. Individuals should constantly educate themselves on the implications of sharing such information and the consequences it can bring them.