If you use the internet at all, you’re likely aware of the data breaches that affect millions of people every year. People are more willing than ever to share details about their personal lives on the internet, which is just one factor contributing to the frequency of these hacks and data breaches. In 2019 and beyond, these six issues are all likely to become much more prevalent.
1. More Large Scale Data Breaches
There will no doubt be more hacks and breaches into major companies’ databases in the coming year. Once companies began to see the value of collecting user data, there was a rush to get as much data as possible. An unfortunate result of this rush is that the data-gathering technology was in place long before the security and user-privacy measures were set up.
Single Layer Protection
One of the reasons that data breaches are so common is that too many companies assume that single layer protection is enough to keep their data secure. Any enterprise-level database needs to use a multi-layer authentication and security system to keep hackers from accessing the contents of the database. Multi-layer protection means that to access a database, you need to have a certain IP address, have login credentials, and not raise any red flags in how you’re interacting with the data.
Single layer protection may just grant all users on internal IP addresses access to databases or servers. This is a problem because any user could share their login credentials and give anyone access to a company’s data.
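The difference between the two models, as an added example that is not part of the original article: each layer named above (source address, credentials, behaviour) is checked independently and all must pass. The network range, account, password and row threshold are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Every network, account and threshold here is constructed for illustration.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
MAX_ROWS_PER_HOUR = 5000  # assumed baseline for "normal" interaction with the data

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

SALT = b"constructed-salt"
USERS = {"analyst1": (SALT, hash_password("correct horse", SALT))}

def network_ok(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in INTERNAL_NETS)

def credentials_ok(user, password):
    salt, stored = USERS.get(user, (SALT, b""))
    # Hash even for unknown users, then compare in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)

def behaviour_ok(rows_last_hour, rows_requested):
    return rows_last_hour + rows_requested <= MAX_ROWS_PER_HOUR

def single_layer_decision(req):
    """The weak model from the text: an internal address is enough."""
    return network_ok(req["src_ip"])

def layered_decision(req):
    """Return (allowed, failed_layers); every layer must pass."""
    checks = {
        "network": network_ok(req["src_ip"]),
        "credentials": credentials_ok(req["user"], req["password"]),
        "behaviour": behaviour_ok(req["rows_last_hour"], req["rows_requested"]),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

def make_request(src_ip="10.20.4.17", user="analyst1", password="correct horse",
                 rows_last_hour=200, rows_requested=100):
    return dict(src_ip=src_ip, user=user, password=password,
                rows_last_hour=rows_last_hour, rows_requested=rows_requested)
```

Returning the list of failed layers gives the audit log a reason for each denial, which is what an analyst needs when reviewing rejected access attempts.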
Advantages of a Layered Security Strategy
According to Webroot, advantages of this strategy include:
- A strategy for guarding against ascendant polymorphic malware
- Protection from attack via email attachment, files, adware, links, apps, and more
- DNS-level security to defend against threats originating at the network level
- End-user education programs to address the source of 93 percent of all data breaches: user error
2. Non-Secure Data Transfers
In the past, people wanting to access a database would have to have physical access to the computer or server that it was stored on. However, now people routinely access databases remotely and even from phones. Even if a user has been authenticated, there are always risks to transferring data over external networks.
A network or a server is only as secure as its weakest connection. With more and more devices to worry about, like Internet of Things devices or smartphones, organizations are finding it more and more difficult to secure their data.
Data is Moving To The Cloud
One factor that contributes to non-secured data transfer is using cloud storage at an enterprise level. Cloud storage is great because it lets approved users access data remotely and gives organizations affordable servers and databases without running their own data centers. However, transferring that data from the cloud to a user’s device is a weak point in any system.
3. Granular Data Access Control
Granular Access Control means that you can control who has access to specific parts of a database on a “granular” level. It’s one of the best ways of preventing data leaks from internal users. If a system is all or nothing, where a user either has access to all of the resources or none of them, it raises the risk of misuse or mishandling of sensitive data. Limiting access to only the resources a specific user needs is the best practice.
In this access control model, the best system will adhere to the principle of least privilege. This means that by default, a user will be allowed the least amount of access that will meet their needs.
“However, it is not only the access to different parts of the system that are defined – the level of permissions must also be determined. As stated earlier, database and web administrators only need access to select servers and commands, while Linux administrators typically need access to all servers and all privileged commands. Being this explicit in access and permissions prevents accidental and intentional tampering that can result in data breaches or loss.” Source: HelpSystems.com
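A default-deny policy check built around the roles in the quote above, as an added example that is not from the article or from HelpSystems: access exists only where an explicit grant matches, and an audit pass lists grants that were never exercised so they can be reviewed for removal. Role names, server names, commands and log entries are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Constructed policy: role -> set of (server pattern, command pattern) grants.
# Anything not listed is denied, which is the least-privilege default.
POLICY = {
    "db_admin": {("db-*", "pg_dump"), ("db-*", "systemctl restart postgresql")},
    "web_admin": {("web-*", "systemctl reload nginx")},
    "linux_admin": {("*", "*")},  # all servers, all privileged commands
}

# Constructed access log: (role, server, command) tuples.
LOG = [
    ("db_admin", "db-01", "pg_dump"),
    ("web_admin", "web-02", "systemctl reload nginx"),
    ("linux_admin", "db-01", "useradd deploy"),
    ("db_admin", "web-02", "pg_dump"),  # outside the role's servers: denied
]

def matching_grant(role, server, command):
    """Return the grant that authorizes this request, or None (deny)."""
    for server_pat, command_pat in sorted(POLICY.get(role, ())):
        if fnmatchcase(server, server_pat) and fnmatchcase(command, command_pat):
            return (server_pat, command_pat)
    return None

def is_allowed(role, server, command):
    return matching_grant(role, server, command) is not None

def unused_grants(access_log):
    """List (role, grant) pairs no logged request ever relied on."""
    used = set()
    for role, server, command in access_log:
        grant = matching_grant(role, server, command)
        if grant is not None:
            used.add((role, grant))
    return sorted(
        (role, grant)
        for role, grants in POLICY.items()
        for grant in grants
        if (role, grant) not in used
    )
```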
Encryption is the best way to keep information private and secure. When data is in a database in encrypted form, even if a hacker gets into the database, the information they find will essentially be useless. However, there is push-back from groups like the CIA, FBI and NSA. These groups are against encryption because it makes it harder for them to monitor people’s information and files.
Surveillance organizations want companies to build back doors into their systems so that they can access the contents of a database if they deem it necessary for security purposes. The problem with back doors is that they create vulnerabilities in a system for hackers to exploit. Any encrypted file storage system that has a built-in back door is less private by default. The back door makes the entire system only as secure as the back door itself, which cancels out the security of the greater system.
5. More Applications for Big Data
Data collection is growing more advanced, as is the technology that data scientists and other analysts use to draw valuable insights from that data. Businesses are constantly adding new ways to collect information about their customers. One of the more recent examples is facial recognition. Brick-and-mortar retailers are implementing facial recognition to track customers and their shopping behavior. Without this technology, there wasn’t a way to analyze people’s movement throughout stores or which products people interacted with the most. These retailers can now use this information to optimize their store layouts and customers’ experiences.
One of the outcomes of organizations relying so heavily on user data is that they are constantly adding new data collection measures. But this information could have major privacy and security risks if it’s not properly protected. Whenever an organization decides to collect data from or about people, it’s the organization’s responsibility to keep that information safe from any malicious actors.
6. IT and Organizational Security Audits
Part of making the internet data ecosystem more secure is for organizations to audit their current data practices. The unfortunate truth is that even the largest companies, which stand to lose the most from a high-profile data breach, have plenty of security faults and issues. One trend that we see becoming more common in the coming year is IT and security audits at an organizational scale. These will analyze the data processing measures and user authentication that a company uses and will identify any vulnerabilities before they lead to breaches.
According to a 2018 Ponemon Institute survey, “97 percent of security professionals agreed a cyber attack caused by an insecure device could be catastrophic for their company, but only 15 percent had an inventory of the IoT devices connected to their systems, and fewer than half had a security protocol that would allow them to disconnect devices seen as high-risk.”
Ideally, databases should be created with privacy-by-design. If privacy wasn’t considered when the data management systems were put in place, there will be far more vulnerabilities in the system. According to the International Association of Privacy Professionals, about 85 percent of data breaches are due to unintentional human error. Organizations need to focus on educating their employees on how to minimize data security risks and what the greatest threats are.