nu.nl
News about data leaks has already become routine, which is the consequence of abuse by the big tech giants that uncontrollably collect information about their users and customers.
Most often, the information is used for marketing purposes, which significantly helps companies to increase sales, but the data obtained are not always stored properly. For example, in early April, the media reported that a number of Dutch market research firms using certain industry-specific software had been hacked.
Experts assume that the incident could have negative consequences for approximately two million people in the Netherlands (more than 11% of the country's population). It appears that data including contact and income information was leaked and, in some cases, more personal aspects were also affected.
Specialists claim that the vulnerability was in the industry software, but it is extremely difficult to determine what caused it, because the vendor does not provide information about the incident.
At the same time, the Dutch regulator is one of the toughest in the EU, actively checking large technology companies and threatening to introduce bans on certain information products if they are not brought up to standard.
By the way, many European companies use Dutch standards as a benchmark to determine whether their privacy and security practices will comply with the EU's general data protection rules.
It has not yet been reported what liability under the law may be carried by market research firms, but much of the blame is likely to be placed on the software provider.
The situation clearly demonstrates the weaknesses in information security, and it seems that the problem is not only with the vendor, but also with human negligence. And even if the software is to blame in this particular case, it does not guarantee that next time all the responsibility can be shifted to the solution provider, in the most advanced of which there are still various weaknesses.
Meanwhile, the expert community is talking about global changes in cybersecurity. This is attributed to the migration of digital infrastructure to the cloud, which makes it possible to store data and files on the Internet through a cloud computing provider.
As companies actively move to the cloud, experts are talking about a fundamental change in the industry as early as this year. With the right mix of experts, processes and technology, enterprises will have better solutions to control their increasingly diverse ways of processing data, leading to the next generation of cybersecurity.
However, the problems are still growing. Many companies are trying to conceal leaks, informally explaining it by a large number of blackmailers, plus you can not make accurate conclusions about the leak, referring only to a fragment of information, for this you must have the entire database at your disposal. This fact is often used by scammers selling "fake data."
For companies, such a situation incurs more financial costs, but reduces the reputational ones. To avoid blackmail, some companies admit the fact of the leak, as Ferrari did, for example. It disclosed the data leak after an attacker made a ransom demand.
According to Ferrari CEO Benedetto Vigna, the hacker gained access to a limited number of the company's IT systems, and most likely obtained customer names, addresses, emails and phone numbers. Ferrari believes that the incident did not reveal their customers' financial or payment information, although it will take time to fully ascertain this. The example of the Italian automakers is not yet a widespread one, as most companies prefer to keep quiet about the leaks.
Another threat to user data is artificial intelligence. Experts note that chatbots possess a trusting communication style, which contributes to the active collection of information from users.
Chatbots usually collect text, voice, and device information, as well as data that may reveal your location, such as your IP address.
Summarizing today's trends and threats, there are several major directions: data will continue to leak through employees of large companies, where it is easy to get lost, and even if an internal investigation reveals the culprit, it is far from certain that this information will be disclosed, as there is always the temptation to pass off the leak as a software vulnerability rather than admit the unreliability of an employee. In the coming years, we will probably be hearing more about such situations.
Another obvious trend will remain the fraudulent activities in the area of selling fake databases to the companies from which they allegedly leaked.
The actions of artificial intelligence pose a significant threat, but it appears that it will only be a tool in the hands of hackers, with no autonomy. The use of AI in some fields, such as science, is likely to be prohibited, as evidenced by trends in government regulation.