Data Theft: An Underestimated Threat
With the plethora of technological advancements, increasing internet speed and reducing costs of accessing the internet, we are constantly generating large amounts of data every second.
Every time we access our smartphone, laptop, smart TV or any other electronic gadget, we generate data. Heck, our smartwatches even generate data while we sleep. Truly, the 21st century is the ‘Internet Age’, which has revolutionised the way we live.
The outbreak of the Covid-19 pandemic has further added to our dependence on technology. Every aspect of our life, from work to working out, has moved online. It has disrupted some industries like aviation and hospitality and forced many conventional businesses to go online. Given the recent trend, the numbers published by DOMO in its 8th Edition of Data Never Sleeps come as no surprise.
In 2020, the internet has reached almost 60% of the population and each individual creates around 1.7MB of data every second. Every minute, people spend $1,000,000 online, stream 404,444 hours of video on Netflix, upload 500 hours of video on YouTube and post 347,222 stories on Instagram.
Evidently, every company aims to collect as many data points as possible and make sense of them to learn about its customers and make data-driven decisions that drive revenue. Hence, every company’s information is its holy grail. Hackers, unable to collect such huge amounts of information by themselves, try to gain access to it.
Although this information may not seem important, its theft can have serious repercussions, since some of this data is highly confidential. Hackers try to access the financial details of an individual to transfer the money in the individual’s account to their own, misuse the unique identification of an individual to steal their digital identity, access data on a country’s military secrets, etc.
What exactly is ‘Data Theft’?
According to the U.S. Department of Justice, data theft or data breach is defined as “The loss of control, compromise, unauthorised disclosure, unauthorised acquisition, access for an unauthorised purpose, or other unauthorised access, to data, whether physical or electronic.” Keeping the information on customers safe is one of the biggest concerns of companies.
According to the Kaspersky IT budget calculator, companies on average allotted a budget of almost a million dollars to their IT security in 2020, which is almost 40% more than the budget allotted in 2019. This budget comprises about 26% of the total IT spend. Moreover, following the current trend, companies are assumed to increase their IT budget by 12% by 2023.
Despite all these painstaking efforts, about 45% of the threats reported in the last 12 months were data breaches. So, is it really worth spending almost a million dollars on IT security? Definitely! The security of any software is only as good as its weakest link. If the weakest link is easily exploitable, companies will be susceptible to more attacks.
On average, the cost of one security incident is $312,117. Thus, it makes total sense to invest in securing data rather than being susceptible to data breaches. While the early adopters of data security policy were IT, banking and financial services, other organisations are catching up to improve their data security.
What are the different ways ‘Data Breach’ might occur?
Data breaches occur when a hacker tries to infiltrate a data source, a node or a network, to extract confidential information. The common ways to steal information are as follows:
1. Malware
Malware, or malicious software, is a piece of code that harms your computer or steals, encrypts or hijacks computer functions. It can infiltrate your system when you browse infected websites, download infected files or run malicious programs that appear to be genuine. This attack is usually focussed on individuals and businesses.
2. Ransomware
Ransomware is a malicious program that gains unauthorised access to your computer and locks it. In order to access your computer and your files, you need to pay a ransom, generally in the form of untraceable cryptocurrency. This attack is usually focussed on enterprise companies and businesses.
3. Phishing
In phishing attacks, hackers send fraudulent emails which appear to be genuine. These emails may contain an infected link, an infected attachment or may ask you to enter your confidential information on a duplicate website. Generally, these scams target individuals and businesses.
4. Denial of Service Attacks (DoS)
DoS attacks make a service, a website or a machine, unavailable temporarily or indefinitely by flooding the targeted machine with superfluous requests to overload the system, leaving legitimate requests unfulfilled. This attack is usually focussed on critical services like banks or educational institutions.
In addition to these common techniques, there are many other ways in which hackers can gain unauthorised access to data. We need to use our systems and surf the internet responsibly.
How can we save our data from being stolen?
There are many small things we have to be cautious about to ensure our data is safe and secure. These are:
- Do not access unsafe websites. Always access certified websites (those with SSL certificates, i.e. HTTPS instead of HTTP).
- Read the terms and conditions of a website or software before accepting them. Ensure they are legitimate and you only share the data that is required.
- Use anti-virus software and keep your applications up-to-date. Also, use firewalls to prevent outside access to private information on your network.
- Use an on-screen keyboard to enter confidential information, since keyloggers might access this information with the help of keystrokes.
- Use 2-factor authentication for banking, emails and other applications which contain sensitive data.
What to do if your data is stolen?
To ensure the growth of the digital economy, while keeping the personal data of an individual safe, the Indian Government has set up regulatory mechanisms in the Information Technology Act, 2000. The government strives hard to keep the data of the country’s citizens safe and amends the rules as and when required. For example, the Indian Government banned more than 50 apps and is scrutinising more than 200 apps which might be sending sensitive information out of the country.
In the unfortunate event of a data breach, you can lodge a complaint with the cybercrime cell. According to the Indian IT Act, cybercrimes can be reported in any of the 30 cyber cells, irrespective of where the crime was committed, since cybercrimes come under the purview of global jurisdiction.
To encapsulate, in this day and age, where information is our biggest asset and companies continuously strive to make sense of all the organised and unorganised forms of data, it is their responsibility to ensure that this data is kept safe and secure. Moreover, it is the responsibility of each individual to ensure they are surfing the internet responsibly by only visiting trusted websites, using legitimate software and proactively controlling the amount of information they share with external parties.
Surf Safely. Surf Responsibly.
By Saarthak Jain