Data breach has become a legitimate reason for failure in many instances. Cambridge Analytica is perhaps the best known example. The company used an app to extract data from Facebook. The data was harvested to influence the US election among other things. The latest case of a company suffering from data breach is Google. Although many people may not know this, Google has its own social platform called Google+. Third-party apps were able to retrieve the information of 496,951 profiles. The importance of strict data protection of user information becomes urgently apparent for companies. So what exactly is a data breach and what can be done about it?
A data breach is described on trendmicro.com as “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.” This means that a data breach is not necessarily digital. However, due to the digitalization, a lot of personal information is online nowadays, making it interesting for hackers to gain access.
Besides the completely technological side of data breach through hacking, an important aspect in retrieving personal information is psychology. Social engineering is used to provide cybercriminals with a crucial part of information to break into the personal information of the victims. The four most important emotions used by this social engineers are fear, greed, obedience and helpfulness.
There are multiple defences against a breach in your digital defence. As described by Andrew Rossow (2018), the first one is the regulations concerning privacy. Businesses must clearly identify who is allowed to enter the data of the customer. These regulations need to be up-to-date to the legislation imposed by governments. Also, a incident response plan is advisable to maintain.
Secondly, AI can be used to encounter penetrators of the system. In the future, AI is likely to be used in many situations including cybersecurity. It takes a lot of time to build a completely new malware, and therefore many old frameworks are used. AI can be used to detect and block these malwares.
Lastly, blockchain has potential to improve digital security. As AI, blockchain is a hot topic and there is a lot of discussion on its potential. The centrality of the data makes it impossible for internet swindlers to use the information. Of course this does not solve the case in which data is breached which is meant to stay secret.
Personally, I think this topic will become even more important as the technology evolves. From the three solutions Rossow suggests, I would say AI has the greatest potential of solving data breach (partially). This predication is based on the potential of discovering malware, which the other defences do not have.
(Sources: https://www.networkworld.com/article/3070455/cloud-security/hacker-psychology-understanding-the-4-emotions-of-social-engineering.html, https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election, https://www.forbes.com/sites/andrewrossow/2018/05/23/why-data-breaches-are-becoming-more-frequent-and-what-you-need-to-do/#7a1920e1d97f & https://techcrunch.com/2018/10/08/google-plus-hack/?guccounter=1)