At the beginning of the year 2018, Facebook CEO Mark Zuckerberg gave an assurance to address numerous issues of Facebook. However, it is easier said than done. It seems like as soon as Facebook fixes one issue, there is another one that crops up. The recent issue is a data breach, disrespecting the privacy of its users and sharing their data without their permission. The data breach has become so common that people are numb to it.
The latest obstacle that’s bothering Facebook is due to the conjecture about the misuse of data by Cambridge Analytica. It is a data analytics firm owned by Robert Mercer. However, before we dive deep into this scandal, let’s get the basics right. What is Data Breach? How will it affect businesses? What the threats that data breach creates? This article also speaks about other eminent organizations that are prone to data breaches.
What is Breach of Data?
The process of decoding or hacking secure database and compromising the private information within it is Data Breach. The word “data” in this case often defines crucial and confidential details like customer accounts that are under the watch of law and are vital for Federal regulatory bodies.
A data breach arises once an illegal hacker or assailant gains contact with reliable records or a data repository. Data breaches characteristically have an affinity towards rational or digital data and often occur over the Internet or a network assembly.
The mismanagement of information is classically overseen bylaws and/or corporate policy. However, despite strict laws and policies, data misuse is increasing, and wrongdoers are usually both individuals and corporations
Why should data breach concern us? And How can it harm us
The number of data breach incidents is rapidly increasing, and it is bothersome. In line with the Breach Level Index, 1.9 billion data records worldwide were undermined all through the start of 2017 due to 918 data breaches. The count of lost, stolen records has increased by a shocking 164 percent in comparison with the closing six months of 2016.
Data breaches are a hazard to every organization. Breach harms the business and goes beyond the definite leak or disclosure of private, confidential data. Companies must incur substantial financial costs to remedy and claim liabilities through complex legal processes. Thus, risk-prone organizations should keep themselves a step ahead in their database security, to guard their data against the innumerable external and internal threats.
How to Ensure Its Ethical Usage Of Data
For businesses of today, it’s a challenging task to gain access to the details of their target audience. The reason being the recent events in a renowned organization about the compromise of private information of their customers, otherwise called the data breaches. However, businesses can still ensure ethical use of data by adopting the following measures:
Often customers don’t know where their data is going, so a great way to establish trust is through transparency.
Choose partners wisely
Businesses should be careful while choosing partners. They must pay close attention to their data practices, and make sure they are considerate, careful and accountable. Otherwise, no matter how seriously you take data ethics, you could find your organization unknowingly wading into murky waters.
Get these following parameters wrong and the consequences can range from a loss of revenue to damaged brand reputation and legal repercussions. Now, that we know data misuse is dreadful, let’s learn more about it with examples.
The Cambridge Analytica Scandal
A whistleblower from Cambridge Analytica exposed to The Observer how Cambridge Analytica – a company owned by a hedge fund billionaire Robert Mercer and led by Trump’s key adviser at the time Steve Bannon – exploited personal information gathered by Facebook, without consent during early 2014 to create a structure which was able to predict the behavior of individual users, who happened to be the valuable US voters. They built a powerful software program to predict and influence choices at the poll booth.
Christopher Wylie, co-founder, and ex-research lead at Cambridge Analytica, in a conversation with The Guardian, said: “We exploited Facebook to harvest millions of people’s profiles and used that to build models to target these same people”.
However, Britain’s information commissioners are examining whether the Facebook data for “illegally acquisition and usage of data,” after it shut out Cambridge Analytica. Also, in the US, quite a few Republican legislators have expressed concerns about privacy violations after the news broke out.
Other Real-World Data Breach Incidents
The number of data breaches happening, reveal the many ways data security is threatened. The breaches mentioned below took place over a couple of years. Unquestionably, bigger and serious breaches lie ahead.
The list is in chronological order.
FedEx- 5 February 2018
A subsidiary of delivery and logistics multinational FedEx has kept enormously sensitive customer data on an open Amazon S3 bucket, fundamentally exposing all the private information to the public.
- The Kromtech security researchers brought to light the happening of the data breach on 5 February 2018. The perpetrator seems to be a firm by name Bongo International LLC, a package-progressing corporate which made buying American goods easier for global customers. FedEx bought this company in the year 2014.
- The leaked database had numerous scanned documents of American and global citizens – with details about their passports, driving licenses and security IDs all open for access in the bucket. The critical details like home addresses, postal codes and phone numbers were also available.
Uber- November 21, 2017
The ride-sharing expediency forerunner Uber discovered in late 2016 a data breach that possibly revealed the personal information of 57 million Uber users and drivers. However, the company chose to pay the hackers $100,000 to hide the news of this enormous data breach, rather than notifying those affected by the breach. Hackers did not secure direct access to Uber’s core systems, but it was relatively through GitHub, a service that Uber’s engineers employ to work together with software code. Two hackers took the data stored on GitHub, which comprised of details names, email addresses, and phone numbers of Uber users worldwide.
Lessons Learned from Facebook-Cambridge Analytica and other cases
The news about private Facebook user data exploitation by Cambridge Analytica is another daunting and demoralizing reminder of how data is gathered about us, and how little control we have over it.
Self-sovereign identity systems could possibly eradicate many of the data privacy concerns, allowing individuals to step into the online world. The success of the technology, hinge on its ubiquitous acceptance.
These systems are currently under development and are among the few that exist to fight against data breach. This involves the creation of an inimitable and tenacious identifier known as decentralized identity, which cannot be stolen. The systems employ both public/private significant cryptography. It empowers users with a private password (a thread of numbers) to share information and provide access to secure data to others if they have the corresponding public key. Decentralized ledger applications like Blockchain, is the backbone of these systems.
Measures Taken By Facebook To Prevent Future Data Breach Occurrences
Zuckerberg said that Facebook will certainly learn from this incident. He also said that they’ll aim to make the Facebook community a safe place for everyone going forward. So, here are a few measures Facebook took after the happening of Cambridge Analytica scandal.
Facebook will investigate all apps that had access to information
Facebook will “examine all apps that had access to large amounts of information” before they changed their “platform, to radically reduce data access in 2014”.
Zuckerberg further announced that Facebook will also “conduct a complete audit of any app with apprehensive activity”. Zuckerberg also said that Facebook would “ban any developer” that “does not agree to a thorough audit” from the social media platform.
Facebook will further restrict developers’ data access
Facebook will regulate the data that developers can access. Zuckerberg further said that Facebook will “restrict developers’ data access to avoid any kind of data abuse”. Going forward, Facebook will reduce the data, the users give while signing in to any of their applications. It shall only ask their name, profile picture, and email address.
New Facebook tool for users to manage app’s data access
Facebook wish to empower the users and ensure that they can easily manage data the apps access. Zuckerberg said that Facebook wants its users to understand what data permissions they have given to the apps to use. Next month, Facebook will provide a tool “at the top of the News Feed” that will show the users of the Facebook-owned app have used and “an easy process to retract those apps’ authorizations” to their data.
General Strategies To Avoid Data Misuse
There is a need for the addition of data-centric solutions. It has strong governance, explicitly over the read-only files and data sets. Encryption provides this type of control; however, it must be ethical encryption. This way there the risk of data breach is less and businesses are safe from the data breach expenses.
Some of the other measures to avoid data breach include access control, security automation, monitor data threats and breach response strategies that’ll trigger a quick response to data breaches and help in reducing the harm it would cause it left unaddressed. There are even options for electronic signature software and endpoint protection solutions. These technologies could only be brought into action if the workforce at organizations is well- aware of these updates and its usability. Thus, rightful investments must be made on IT teams. There’s a great need for as many talented professionals as possible.