By Kevin Bailey, Head of Market Strategy.
One of the easiest ways to stop attacks on information is to close down the shutters, build impenetrable firewalls, stop all access and return to the world of the chalk and blackboard.
It is not going to happen!
Information has a value to everyone, whether it’s the individual name of something or the populous of a country.
Individuals provide information (or data in its raw form) with the belief that it is being given in good faith and should be managed in the same manner. But although the information is primarily used as it was intended, and as the information provider believed it would be, what happens to that data afterwards is less reassuring. The world of commerce and criminals breeds secondary ideas on both profitable and damaging uses for the information, often stolen or leaked from its original source.
Data protection is established based on known possible insecurities, but like any good lottery prediction, you don’t know, what you don’t know!
As mentioned previously there are many interpretable ‘rewards’ for which people access information outside its primary use. The most well-known threats are malicious attacks from hackers and cybercriminals, but a large proportion of information access actually comes from insider errors that occur even for some of the most security-conscious.
- Verizon, a regular publisher of the Data Breach Investigations Report, have had their own issues with making the text history of their subscribers available for over a month, and not disclosing it for a further month.
- A single attack could be seen as a warning, a second attack assumes complacency. The International Atomic Energy Agency has been attacked twice in one year, in two separate attack profiles; once for personal data of the experts and then again with malware on USB devices
- How can social engineering affect information access? Everyone (hopefully) read about the hoax death of Obama in 2011 on Twitter….but who heard that Will Smith died after a spinal operation that coerced followers to open a malicious application? By the way Obama died again last month on Facebook…
Whatever the reason for Information Access, ensure that individuals take personal care on whom they provide their information to, the use of the information and how their information can be protected against secondary use- whether this is for the benefit of the information owner or malicious access for detrimental activity.