Gary Hibberd

20190723

If you’ve attended a Cyber-related seminar in the last twelve months then you’ll have undoubtedly heard the phrase ‘Data is the new oil’.

Data has become more valuable to organisations – and to organised crime – than at any time in our history. With over 3.7 billion people using the internet, and with 1.5 billion of these using Facebook daily, we are accustomed to using devices to create and share content about ourselves, almost without thinking.

But as we create all this data, are we thinking about what we’re creating and who might be using this data or why they might want to use it?

Data can be used to make inferences about us, from what we do and what we post online. We know that social media giants like Facebook have conducted experiments on us without our permission (Google the term ‘Facebook social experiment’ to see what I mean).  We know that the same company has allowed others to use our data which ‘allegedly’ ‘might’ have been used to influence the US elections.

There is no doubt that if we are lax about how our data is used in our virtual lives, it could have a very real impact on our actual lives.  For example, consider for a moment just how much data you have created on your mobile device.

In Device we Trust

How much data do you hold on your mobile device, that thing you (most likely) take to bed with you? What secrets does it hold about you? What data is it storing on you?

  • Passwords
  • Credit and Debit card numbers
  • Banking information
  • Text messages
  • Social media likes, dislikes and opinions
  • Photos
  • Deleted photos and texts
  • Name, Address, DoB
  • Contact names and details
  • Phone calls
  • PDFs
  • Emails
  • Appointments (future and past)
  • Current location
  • Recent location
  • Travel tickets (past and future)
  • Hotel details (past and future)
  • Concert and theatre tickets
  • Shopping habits (things you’ve bought or about to buy)
  • Sleep patterns
  • Health and wellbeing
  • Home information (heating systems, alarms and lighting)

What does the data above tell me about you? What can this data give me? It gives me information about you. It allows me to infer things about you. It gives me knowledge about who you are, what you do, who your friends and family are, what you have been doing or are going to do. And all that information gives me wisdom and insight about you.

I can now use that information to sell services to you. In other words it gives me the power to exploit you.

The Black Gold Rush

When oil was first discovered it was termed ‘black gold’ not simply because of its value, but because of what it could be used for. The value wasn’t so much in the substance, but how that substance could be utilised and monetised. Those who could put that substance to best use grew rich, and that hasn’t changed today.

Where have all the Good Guys gone?

Often when we’re thinking about ‘the bad guys’ when it comes to cybercrime, we think of the lone hacker in their basement trying to hack computer systems. Whilst this is part of the story, it’s certainly not the whole story. Organised crime has gone mainstream and your data is the fuel for their business.

But it’s not just cybercriminals who want your data. Everyone does! Make no mistake that your data is valuable to legitimate businesses everywhere. But the General Data Protection Regulation (GDPR) (which most of us claim we’re sick of hearing about) was put in place to protect us from organisations simply soaking up our data and using it for whatever they like!  Personally, I think that’s wrong and it annoys me when I hear how large organisations are treating our data as if they own it. They don’t.

Has GDPR Made a Difference?

I’ve heard some claim GDPR hasn’t made a difference. Whilst I appreciate that it may feel like it hasn’t, my response is … yes it has. It’s created a more informed user base. Unfortunately most people have been misinformed about the GDPR and large companies are still getting it wrong. They’re still collecting data without understanding or explaining the lawful basis for processing, or they’re explaining it in ways that make it look like they’ve just dropped a Scrabble board and placed the results on a page!

But it hasn’t gone far enough… and to some extent we’ve only got ourselves to blame. I ask people if they read privacy notices or cookie pages and the answer is invariably ‘No. I can’t be bothered.’ So is it any surprise when we hear that our data is being used in ways that we weren’t expecting? Are we comfortable with this? Because there are a few phrases that both annoy and perplex me when it comes to organisations talking about their use of data. These phrases are:

  • Data mining
  • Data broker
  • Data harvesting

Remember that ‘data’ is you. Data is your children. It’s your loved ones. It can include your darkest fears and greatest dreams. But companies are ‘harvesting’ this information about you. They are ‘mining’ and extracting value … about you and your loved ones. Does that sound ok to you?

Data Protection

For every person out there that thinks GDPR is annoying, please remember it was brought in to update an outdated piece of legislation that a large number of companies were already ignoring. It was brought in to hold companies to account for using your data in a way that you might not be happy with.

GDPR was brought in to hold organisations to account for the way they use our data. If you’re saying GDPR hasn’t changed anything, I would say give it a chance. But also help give it a chance. Don’t accept the status quo from organisations. If we expect more of them then we’ll get more from them.

You are the first and last line of defence

In cybersecurity, users are often referred to as the ‘weakest link’. I don’t believe this is true. Users are the first and final line of defence. You are going to be the difference between successfully creating a culture of security or continuing in a world where organisations (on both sides of the legal system) use and abuse our data as they see fit.

Personally I want to take control of my data and work with – and for – organisations that respect my data rights. I believe you expect the same too, because when it comes down to it, your digital self represents a huge part of who you are.
