How Data Collection Impacts Cybersecurity
We’re living in an increasingly connected world, with a growing number of devices and digital services collecting, storing and processing more data than ever before.
Emerging technologies continue to add value to our lives in work, social and consumer settings, but how does this impact cybersecurity risk?
Our Digital Footprint
Our personal data is collected in countless ways. Manufacturers collect technical data when we have issues with an app or our computer, we fill out online forms to access public WiFi when we travel, retailers collect our behavioural and demographic data to inform advertising efforts – the list goes on.
According to anti-virus provider Kaspersky, more than 940,000 of its users were attacked by malware designed to harvest a variety of data on their computers in the first half of 2019. In a world where most transactions are now done online, we often assume organisations will have appropriate security measures in place, but even the most sophisticated cybersecurity technology isn’t foolproof. A study from Juniper Research predicts annual online payment fraud losses from ecommerce, airline tickets, money transfer and banking services will reach $48 billion by 2023.
Emerging Technology and Increased Connectivity
As businesses continue to disrupt traditional industries with emerging technologies, there is immense opportunity to create value but equally a greater need for security. Although IoT offers endless possibilities – from smart homes to entire smart cities, data sharing and connectivity between devices leave businesses significantly more vulnerable to a breach.
The sheer amount of data being collected, not to mention how and where it is collected, processed and stored, makes it extremely difficult to safeguard. When a breach occurs in one data point, the entire ecosystem is at risk of being compromised. In the absence of official IoT guidance, technology partners are left to develop their own cyber risk policies as data governance is not evolving at the same pace.
Data Protection Legislation
Just over half of all countries globally have some form of privacy and data legislation in place, and nearly one in three companies fall under the EU GDPR jurisdiction. GDPR applies to any organisation processing data of EU citizens, requiring the secure storing and processing of all sensitive data using appropriate operational and technical measures. It holds businesses accountable for managing security risk, reporting incidents and minimizing the impact when they do occur.
Data protection should be the concern of more than just the IT department, and organisations should demonstrate shared accountability across key business functions. In its latest annual Cyber Security Breaches Survey the Government Department for Digital, Culture, Media and Sport (DCMS) reported that cyber security is a high priority for 78% of businesses, up from 74% last year.
Among the organisations that identified breaches or attacks (32%), the most common were due to phishing emails, impersonation and viruses or other malware. 30% of businesses made changes to cyber security in regard to policy, training, system configurations and contingency plans because of GDPR, but there’s still a long way to go.