In an attempt to uncover information on Olympians and their alleged banned substance consumption, two hacker groups recently perpetrated a massive data breach at the World Anti-Doping Agency, WADA (1). It’s the latest of the large data breaches, now a common occurrence.
Before you carry on, have a look here: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ to get an idea of the numbers, and how real the threat is.
This is going to be about the why of data breaches. They happen for a multitude of reasons, and they’re crucial in understanding the darker side of businesses having everything in the digital realm. The fact of the matter is that to do business today, you need to be connected. You need data on your customers, your suppliers, your products and the behaviour of all these stakeholders. Data-driven decision-making is a science that works with massive amounts of data, and it’s made possible by the proliferation of constant data gathering and the availability of virtually free storage to hold it and analyse it. Digitalised businesses gather, use and need this data for their most basic processes. As such, the data gains value. What used to be a series of 1s and 0s is now worth something. What happens when something is worth something?
Right.
Someone will be looking to steal it. Now, hackers are a peculiar bunch. They have wildly different reasons for doing what they do. From personal research and past projects, here’s the gist of it. Here’s why hackers do what they do.
- Reselling the data. Online accounts, credit card numbers and identity papers that you can quite literally browse a shop for. Customer data that is stolen by the millions, and is resold for next to nothing: $10, $30 and $90 in that order, 24/7 customer service included. Generally quite harmless in the grand scheme of things. Damage: 1/5
- Defacing organisations. We enter the realm of every security expert’s nightmare. Large businesses having their data centres breached and their confidential information released. Not only is the financial cost of this considerable ($4 million per data breach, at minimum (2)), but the loss of goodwill and public image can be enormous. Think of financial organisations or government agencies that rely on trust. Damage: 3/5
- Creating political instability. Remember the WADA debacle that introduced this post? There’s no proof it came from Russian hacker groups. Yet that’s how Western media pitches it. The same went for the Clinton email hack earlier this year. Sources and reasons are still unclear, but the opinion of more than a few media outlets is that it came from the Russians (Russia is home to some of the most notorious hacker groups) – or from the Trump camp. A conclusive opinion is yet to come, but think of the mess it creates, pitting everyone against everyone. (3) Damage: 3/5
- Wreaking havoc. This one goes a bit further than the rest because it is completely gratuitous. Hackers are among the most skilled individuals in the world of IT. And naturally, in the crime world, street rep is a huge deal. So to prove that they’re the best, hacker groups pick targets and destroy their public image, just because they can. Damage: 3/5
- Cyberterrorism. While all of the above are generally harmless for human life and equipment, cyberterrorism has the capability to bring cities to their knees, cause the loss of human life and start wars between countries. Nation-states create political unrest and spur others to enter an armed conflict. Power plants are shut down from across the globe. The UK now considers cyber attacks and terrorism as its number one threat to national security (4). Stuxnet, in 2007, brought US/Iran tensions to a new high when the allegedly US/Israeli-developed computer worm infected Iranian nuclear centrifuges (the story is fascinating, go have a look (5)). Cyber defense teams are now an integral part of a country’s armies and intelligence services. Damage: 5/5
So here we have it, the darker side of having data in numbers that dwarf our imagination. It’s a short perspective that could be expanded to cover how to protect ourselves against all this, and how big data analytics and, later, quantum computing will help reduce data breaches. We’re missing the part that you, as a customer, play in your data security – and the whole question of privacy. I hope this short post sparked your interest in what is a fascinating subject that starts at the top of an organisation and ends in the darkest corners of the hidden web.
Make no mistake, data breaches will happen in organisations and governments. It’s not a question of if anymore, but a question of when, and who will be affected. Protecting ourselves against them is absolutely crucial, and as future BIM grads, I hope we will have an integral part in doing so. Happy to answer your questions and comments below!
References
- https://www.rt.com/op-edge/359521-wada-case-shoot-russian-messenger/
- http://www-03.ibm.com/security/data-breach/
- https://www.theguardian.com/us-news/2016/jul/27/donald-trump-russia-hillary-clinton-emails-dnc-hack
- http://www.bbc.com/news/uk-11562969
- http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet