You may have heard the term ‘weaponizing data’ float across your feed once or twice. In the age of new privacy regulations such as GDPR, many of us don’t think twice about clicking ‘accept’ for websites to harvest our likes and purchases. But what if this information was turned against you? Not just to potentially commit fraud, but to blackmail a company or take down an individual.
In the internet age, one of the most valuable assets any company holds is their clients’ data. And so the security that goes with this must be treated as a real concern, despite how blasé the user might be. While GDPR guarantees a certain level of protection, there are still a wide variety of potential flaws that organizations should worry about and that could be exploited by possible cyber attacks.
Just take a look at what happened to the NHS in the UK when they were hit by a blatant attack of data weaponization in October 2017. With computers holding vital patient information held to ransom, the NHS fell victim to a widespread data attack that saw 19,000 appointments being canceled and a damages bill of over £92 million for the British government. Servers that store healthcare data are particularly attractive to hackers, who gain access to large amounts of private data when successfully accessing these servers. The widespread use of outdated computer systems amongst health care facilities may have been partly to blame, but the causation remains the same. Cloudflare, an online infrastructure provider, announced a data breach in 2017 in which about six million customers’ data was accessed, including personal data submitted to household names such as Fitbit and OKCupid. Again, it appears that it is this highly privileged data that is sought after by hackers.
And to be clear, the WannaCry attack was not only targeted at the healthcare sector, companies including FedEx and Renault were also affected by the attack, but consumers are understandably more concerned about their health records being accessed than other, less personal data. The nature of the data that is obtained means that using it as a weapon is relatively-speaking straightforward and profitable.
The WannaCry attack cost the government approx £92 million and gave the attackers access to people’s most personal data. It was an extreme example of a nightmare situation that security companies believe we are only a few steps away from.
Selling of data
So how can data become weaponized? It is something Apple CEO Tim Cook is paying great attention to, last month he called for the creation of new federal privacy laws while speaking at the International Conference of Data Protection and Privacy Commissioners in Berlin.
Trade has exploded into an industrial data complex. Our own information, from the every day to the deeply personal, is being weaponized against us with military efficiency. These scraps of data, each one harmless enough on its own, are carefully assembled, synthesized, traded, and sold.”
While lawmakers across the world acknowledge that privacy laws need to go further, it will be years before internet users, in particular, will have the security they crave. So what can individuals do with their data? While some will go as far as to try and minimize their data footprint, others are looking to exploit it and sell their own data on their terms.
That’s why data selling platforms are becoming popular and with emerging technology such as the blockchain, transparency is truly the name of the game. Indeed, critics of Cook are simply asking why instead of looking for long-winded laws, he simply doesn’t advocate the blockchain.
Daconomy.io is one of the companies that is setting out to manage the data market; they keep 60 million records safe on the blockchain. The company, based in Germany, has an ethos centered around the importance of safely managing people’s data.
CEO Ulrich Schober founded Daconomy and the Schober Information Group as a way of managing data as an asset, including the sale and transfer of legitimate information. Many DAX and Fortune 500 organizations now use the company.
While for some self-managing privacy is enough, Schober believes that the law should go further. In response to Cook’s answer to privacy laws he says:
We need new standards driven by a healthy mix of strict yet flexible laws, controlling mechanisms and the use of new technology and providers that offer solutions that represent the user and ensure ethical correct data usage.”
Law “not the way forward”
However, Daconomy doesn’t think that federal law on the subject is the right way forward but believe instead that a flexible approach would be better suited the nature of the problem.
Due to its nature blockchain and AI-based solutions are a great base for a fair and non-corrupt data trade. Smart decentralized solutions make strict laws obsolete. Laws that would keep us from leveraging the enormous potential that secure and fair AI and blockchain driven data trade offers.”
So while some data breaches can be attributed to human error, with the introduction of GDPR in Europe soon, they won’t have that excuse.
Companies who have not been subjected to the GDPR rules that involve any data with a European element to it currently do not have any kind of legislative infrastructure in place to define how data should be handled and stored, making future attacks not only possible but likely. The value of data is growing, and users share increasingly large amounts of information about themselves online, so the reality of it being weaponized is real and cannot be neglected by companies.
Now a call to arms has been put in place by a huge company such as Apple, its harsh stance against companies it believes to be abusing users’ trust were well noticed and are the most explicit criticisms that the firm has voiced to date. Cook went on to call for federal data privacy laws to be introduced in the U.S. and praised the GDPR framework set in place in the European Union back in May.
With this in mind, the race for both the control and cost of personal data really has only just begun.