Introduction:
Now we all are living in a digital shell where everyone is interconnected. Digitization means converting data or information into a digital format which is essential for e-communication & e-governance. Also, digitization is required for any data processing, data storage and data transmission in a borderless world. In modern times using of digital technologies or running towards digitization has transformed global business models (Cloud tech driven platforms i.e Airbnb, Swiggy, Zoom & Amazon) and helpful for producing new business opportunities and generating revenues.
Privacy:
In today’s technological world generally, privacy means data privacy or information secrecy. Every individual's data should be protected and should not be used without the consent of the individual. Main purpose of data privacy is to protect any technology driven app or platform or portal user from unwanted cyber risks or threats. Now our society is very much dependent on various online portals or platforms, such as banking app, insurance app, pharma app, food delivery app etc. While using the services of these platforms or apps users must share some very critical personal data, which includes contact details, banking details, credit card no and many more. But the concern is whether these critical or sensitive data are actually stored in a safe or secured server or not. If any kind of casualties takes place who will be responsible and just to protect the interest of individuals or entities from any data breach the concept of data privacy is introduced.
Cyber Risk:
More we are connected globally, reliance on cyber world is also increasing significantly. Whenever we are inclined towards cyber technology, it is evident that cyber technology has its own pros and cons. In cyber world we must know that cyber security and cyber risks are the different sides of same coin. Cyber risk is the probability of unauthorised access of data or loss of data or any kind data breach resulting from a cyber-attack on any organization or individual. Data breach is a common cyber-risk, which will have an irrecoverable negative business impact and often arise from lack of insufficient unprotected cyber net. Cyber security means those technologies, processes or practices which are designed for the protection an organization's or individuals digital or virtual information, from unauthorized access by cyber criminals.
According to Deloitte Advisory Cyber Risk Services “the fundamental things that organizations undertake in order to drive performance and execute on their business strategies happen to also be the things that actually create cyber risk. This includes globalization, mergers and acquisitions, extension of third-party networks and relationships, outsourcing, adoption of new technologies, movement to the cloud, or mobility. And they are not going to stop doing these things any time soon. Cyber risk is an issue that exists at the intersection of business risk, regulation, and technology. Executive decision-makers should understand the nature and magnitude of those risks, consider them against the benefits a strategic shift would deliver and then make more informed decisions.”Digitization creates cyber risks:
Digitization brings a huge value to any business exposure. With the help of digitization various business worlds merged and bringing the new knowledge into the board room, which creates additional weightage to the business. Let’s come to a very common day to day digitization impact, e.g. we all are using various banking app, pharma app or edutech app basis on our requirements. Whenever we use any above-mentioned apps at that time there are some mandatory information which need to be filled, such as name of the user, address, email id, contact no, medical details, KYC details, bank details etc. Now the matter of concern is whether these users’ digital information is kept securely from any kind of cyber-attack or not. If yes then it is well and good but recent cyber-attacks on Indian stratups such as Upstox, BigBasket, JustDial, Unacademy is an alarm for digitization and cyber security infrastructure around the globe. In recent times not only startups, global IT giants such as Facebook, Linkdin had faced a massive cyber-attack.
Criticalities while sharing digital data to any platform:
There is a very common online security question, whether these online portals such as banking, edutech, insurance, pharma are actually safe or not? If any of these accounts hacked, at that time hacker can find out a lot more personal data which are generally sensitive in nature. With the help of these data any hacker can easily create an artificial or fake identity of actual user and later on these could create havoc in the society or in the corporate world. Hackers can try to use this information to get more sensitive information from that user and then that will lead to target the user in more destructive manner, which includes financial damage as well. One of the latest practices is any stolen digital information can be sold to dark web and hackers can get handsome amount but selling personal data in dark is more fetal in nature from users’ point of view.
It a well-known fact that not only hackers, it’s a technological advancement which had raised concern about internet privacy. One of the latest examples is the advent of the Web 2.0, which has caused social media profiling. Web 2.0 is the system that facilitates sharing and collaboration of participatory information through Internet from social media websites like Facebook, MySpace etc. If data are collaborating, sharing and interconnected with various platforms at that time data leakage or cyber-attack can be more dangerous.
Challenges of cyber infrastructure:
Roles, inputs and responsibilities of managers is changing generation by generation based on the industry requirement and technological advancement. It is very much evident in today’s public or private sectors jobs where every organiation is very much dependent on AI or ML and managers are also focusing on implementing such technologies for better productivity with less human resource. But there is an old school theory where managers are more preventive rather than and creative. In this old school theory managers are not willing to take risk by opting any latest technological development, rather than they would like to stick to the old process which is a preventive approach. This old school process where creative approach is not appreciated is become a challenge for cyber or digital advancement. Few other associated challenges are highlighted below:
- Lack of appropriate tools and platforms to scrutinise this technological transformation from older IT infrastructure to advanced digital infrastructure
- Though adaption of digitization is very fast but lack of effective frameworks or roadmaps has become a road blocker.
- There is a need of unified tool which will able to manage multiple tools or platforms and integrates all the challenges pertaining to these platforms.
- Need a platform which understands the legacy and the next generation infrastructure and to achieve this target. We must leverage the existing investments for this digital transformation journey.
- According to IBM the average time to identify a data breach in 2020 was 228 days, this is a very long duration to identify any data breach or cyber-attack. Based on IBM analysis Healthcare and financial industries required 329 days and 233 days to identify any data leakage. Spending so much time to identify and fight against data privacy threats is not good for these industries.
Privacy breach during digitization:
During the pandemic on 2020, every corner of the globe all industries had severely impacted. After that everyone was running behind digitization and this transition phase opened the gateway for cybercriminals who were able to target vulnerable victims in the healthcare industry, banking & insurance industry, education industry or many other industries. According to IMB Remote work during COVID-19 increased data breach costs in the United States by $1,37,000. In 2020 few of massive data breaches were mentioned below:
- On February 20, 2020, over 10.6 million hotel guests who have stayed at the MGM Resorts have had their personal information posted on a hacking forum.
- On April 14, 2020, the credentials of over 500,000 Zoom teleconferencing accounts were found for sale on the dark web.
- On August 20, 2020, Researchers at Comparitech uncovered an unsecured database with 235 million Instagram, TikTok, and YouTube user profiles exposed online belonging to the defunct social media data broker, Deep Social.
- On November 5, 2020, a database for Mashable.com containing 1,852,595 records of staff, users, and subscribers’ data was leaked by hackers
- On December 10, 2020, an undisclosed number of users of the audio streaming service, Spotify, have had their passwords reset after a software vulnerability exposed account information.
- On February 18, 2021, the California Department of Motor Vehicles (DMV) alerted drivers they suffered a data breach after billing contractor, Automatic Funds Transfer Services, was hit by a ransomware attack.
- Confirmed data breaches in the healthcare industry increased by 58% this year
- On November 5, 2020, a database for Mashable.com containing 1,852,595 records of staff, users, and subscribers’ data was leaked by hackers
Response to cyber threat:
With the recent incidents highlighted that all global organisations are surrounded by looming threat of data privacy, ransomware, information leakage, cyber threats and more. Now businesses have entered into the state of fear and to overcome such fear countries should bring have stricter rules and regulations regarding digitization, privacy and cyber threats. Without any guidelines or regulations, it would be very much difficult to curb these cyber criminals. That is why various regulations are enacted such as GDPR, CCPA, PDP Bill etc. These regulations have very strict norms for data privacy and secrecy, because in the era of digitization most compromised thing is “Data”. When we will be able to protect the use and flow of digital data, automatically all these cyber or data threats can be controlled. With the help of heavy fines and provisions of imprisonment has given a shelter of hope for the victims of cyber criminals. A vigilant privacy net would also prevent government or state agencies to misuse their power and prohibit to intrude into the personal lives of its citizens or any business details of organizations.
According to Harvard Business Publishing, globally one of the worst cyber-attack was “Maersk Global Supply-Chain Meltdown”. The chairman of A. P. Moller-Maersk had to confront with this massive cyberattacks. This attack had made the company crippled, where company possessed such a vast global shipping network that accounted for nearly 20 per cent of global container shipping. NotPetya was a particularly virulent strain of ransomware that, within seconds destroyed Maersks's servers and personal computers around the world. Maersk's senior system administrators had warned the company that its network was vulnerable, but the necessary upgrades were never completed.
To counter any cyber-attack there is a requirement for multilevel security measures. Updated antivirus & firewall is an effective solution to prevent data breach or any cyber-attack. Another effective way is service providers should take responsibility to take some proactive steps to make their users aware of any data fraud calls, emails etc.
Sum Up:
The biggest threat to digitization is not only the cyber threat in itself but an inability to build a sufficient technological deployment and failed to develop safe communication or data sharing net internally within the organization. Those organisations who will have effective technology will be in better position for their continued growth. But organisations who are in vulnerable position for digital or cybersecurity will expose their organization to risks with potential calamitous implications. Organizations or entities should take a comprehensive inventory of potential cyber risks, quantify their potential impact, and prioritize them effectively. Evolution of digital and cyber technology is an ongoing process so advancement to identify cyber or digital threat should be a constant process.
Reference:
News & Views available on internet; and Offline views of industry specialists.
This content was sponsored by Enkrypt Council
Enkrypt Council is a think tank on a mission to enable stakeholders to interpret and comply with technology laws. Enkrypt Council is engaged in deep research on global technology laws and policies, their interpretation and activism for social welfare.
