Tag: Data Breach

Why should we care about our privacy?

Privacy in general terms is the right to be left alone or freedom from interference or intrusion. In terms of the internet, privacy is the right to have some control over how your personal information is collected and used.

More technical innovation gives way to more efficient and advanced technologies. In recent years the information has become the most important component to cultivate this innovation. As many new people are coming on the internet and the amount of information being shared is increased manifold. Every organization or individual is entering the realm of the digital world and data is the entity of this world. Data is also very essential to understand a user or a customer or a client but sometimes there is no limit to the amount of data that an internet corporation is willing to extract. Somewhere there has to be a line that needs to be drawn. In recent years there have been many issues regarding the privacy policy of many tech corporations. Facebook has been in controversy much time. Recently Whatsapp’s privacy policy also raised many questions, then in an ironic move Whatsapp raised the question of privacy by suing the government regarding the new Information technology rules. But this is just the tip of the iceberg and numerous other aspects get overlooked. First, we will need to understand what this privacy means for us as individuals. Only then we can clearly determine the relevance of these rapidly changing developments in this subject.  

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

-Edward Snowden

It’s not that privacy means that there is something to hide; rather privacy is having things you don’t want to show. For instance, people would not like to post their Bank account online or Bank statements. People would also not like to have a public camera inside their homes. Similarly, there are some things that an individual would not like to share online. Privacy can provide secrecy, but there is more to it. Privacy also provides autonomy and therefore freedom to an individual. Well, there is even more to privacy than the freedom that many people do not realize which is that when we think we’re being watched, we make behavior choices that we believe other people want us to make.  Humans intrinsically like to avoid societal condemnation and perception of whether or not we are in private changes the way we behave. This indicates the benefit that a state can have with surveillance and can lead to a conformist population.

As it is stated by many that data is the oil and for many tech organizations it truly is. We can witness this with the various technological corporations that rely upon user data including Facebook, Google, Amazon etc. But Even Smartphone manufacturers like Xiaomi have realized the lucrative benefits of collecting and selling user data. For these companies, our data is money and they earn billions of dollars with this data. Both the private tech giants have clauses in their privacy policy that allows government agencies and third parties to access the data. The data that gets uploaded on the internet never gets deleted and stays there forever. What we have to realize is that even if the information seems futile today, it may have an importance tomorrow. In conclusion, privacy is not a trivial issue and people will have to understand its importance until it’s too late.

References:

Data Breach – An Overview

A data breach occurs when sensitive, confidential, or otherwise protected data is accessed and/or disclosed without authorization. Personal information, such as credit card numbers, Social Security numbers, driver’s licence numbers, and healthcare records, as well as company information, customer lists, and source code, are all common data breach targets. A data breach occurs when someone who is not authorised to see or steals personal data from the entity in responsibility of securing it.

Causes of a data breach

While data breaches can take many forms, they are virtually usually the result of a weakness or flaw exploited by hackers to obtain access to an organization’s systems or processes. A data breach could be caused by a variety of factors, including:

  • weak login credentials
  • social engineering scams
  • malware or ransomware
  • phishing
  • lost or stolen hardware (laptops, hard drives, mobile devices)
  • lack of access controls
  • back doors
  • insider threats
  • user errors

Regulations on data breaches

To avoid data breaches, a number of business guidelines and government compliance rules need stringent controls over sensitive information and personal data. There are no particular laws that govern intellectual property protection. However, a breach of that type of data might result in serious legal conflicts as well as regulatory compliance concerns.

The Payment Card Industry Data Security Standard (PCI DSS) governs who can receive and use personal information (PII) in financial institutions and other businesses that handle financial data. Financial information such as bank account numbers and credit card numbers, as well as contact information such as names, addresses, and phone numbers, are examples of PII.

What can be done to avoid data breaches?

There is no single security technology or control that will completely eliminate data breaches. Commonsense security policies are the most reasonable means of preventing data leaks. These include well-known security fundamentals like:

  • conducting ongoing vulnerability assessments
  • penetration testing
  • implementing proven malware protection
  • using strong passwords/passphrases
  • consistently applying the necessary software patches on all systems

While these measures will help to prevent intrusions into an environment, experts recommend encrypting sensitive data, whether on-premises or in the cloud. Encryption will prevent threat actors from accessing the actual data in the event of a successful breach into the environment.

Well-written security rules for employees, as well as continuing security awareness training to promote those policies and educate staff, are further strategies for preventing breaches and minimising their impact.

Employees may be given the minimal minimum of permits and administrative rights to accomplish their jobs under such rules, such as the principle of least privilege (POLP).

In addition, firms should have an incident response plan in place in the case of a security breach or intrusion. A rigorous method for identifying, containing, and quantifying a security event is usually included in this strategy.

A list of notable data breaches

According to the 2020 Verizon Data Breach Investigations Report, the banking business has the most verified data breaches, followed by information services and the public sector. In recent years, there have been numerous massive data breaches at both huge corporations and government institutions.

Target:
Target Corporation revealed in 2013 that it had experienced a large data breach that exposed customer names and credit card information. People, state governments, and credit card companies have all filed lawsuits as a result of the Target data breach, which affected 110 million customers. Legal settlements totaled tens of millions of dollars for the company.

Sony Pictures:
When threat actors launched malware that disabled workstations and servers in late 2014, Sony Pictures Entertainment’s corporate network was shut down. The data theft was blamed on a hacking group known as Guardians of Peace, which exposed unreleased films taken from Sony’s network as well as private communications from corporate leaders.

Source:
What is a data breach? (techtarget.com)