In recent weeks the data breach has become the main nightmare of anyone who collects data or, more generally, deals with information security. The phrase itself is already threatening: “breach” recalls, of course, the Italian “breccia”, a security flaw, a gash that lets data leak from organizations that should instead be guarding it with great care. Some mangle it into data “bridge”. Some, in summer, into data “beach”. Some into data “break”. The most daring, even into data “bitch”. But it is the “breach”, of course, that is the scariest. Our Privacy Guarantor simply calls it a “data breach”.
The problem behind the data breach today is very simple to understand: sooner or later, it will happen to everyone. It is not a question of “if”, therefore, but of “when”. The reason for this statement is also simple, and it takes no expert to understand it: it is the same reason that lay behind the fall of the Roman Empire. Back then, the idea was to expand the borders to conquer the existing world, but then it was no longer possible to protect them against the entry of the barbarians.
Today everyone is rushing towards big data, and everyone is busy piling up information that is seen as “the new oil” (although, as I understand it, oil is not doing very well: in the middle of lockdown, the more topical example going around was that data was the new yeast for pizza), but the security measures placed around the data are, very often, those of ten years ago. I can think of at least five reasons why, sooner or later, a data breach will affect everyone. Big and small. Private and public.
1) Inattention to “security by design”
Anyone who collects large amounts of data should build security into their projects even before presenting the project itself. Build it into servers. Into apps. Into the tools that will be used. Into the websites that will talk to citizens. As if the idea of security were in the very skeleton, or the DNA, of the project. Before you even start collecting data, you should create a secure environment.
This, unfortunately, does not happen in most cases. The rush to get to market, improvisation, cost savings and investment cuts or, simply, incompetence and amateurism often lead to systems that are already vulnerable before they are even operational. In other words: our data often ends up, from the outset, in environments that are not secure.
2) The Internet of insecure things
The society around us is filling up, in everyday life, with billions of connected devices – video cameras, cars, refrigerators, thermostats, aquariums, sprinklers, gates, fitness bracelets, voice assistants. They are all products that must be sold at competitive prices (competitors' prices are often within a few euros of each other): consequently, the investment in the IT security of these devices is often minimal.
Price competition is too strong: an investment in security assessment would lead to final prices that are too high. The fact that many devices have no display also makes the problem hard to see: the ordinary, non-expert citizen thinks that, after all, “they are not computers”. But they can, instead, be easily attacked and become a point of passage towards the network to which they are connected.
3) All our most intimate data are now exposed. And they are tempting
There has never been such a large and widespread exposure as there is today of our sensitive or “particular” data, that is, of the data that can be used to discriminate against or blackmail a person: health, sex, political opinions. Today, people's data are more tempting than credit or bank card numbers. The data of a newborn can be used for scams and stay safe for years and years (criminals talk about a “clean credit history”: the victim's records remain clean and can be used to open accounts or credit lines until the child becomes a teenager and starts using his or her data, thus discovering the scam).
People's intimate data now go everywhere: fitness apps, dating sites, insurance companies, banks, public bodies, pornographic sites, hospitals and clinics, platforms for citizens' consultation. And all of these are places that have proven vulnerable.
4) The inability to overcome the current sense of helplessness of the common user
The problem is that often we can't do anything about it. We trust them. We give our data to parties who, we think, are much safer than our small computer or phone. But in reality, this guarantee is provided less and less. There are hundreds of sites that suffer attacks and data breaches every year. And often those who run them do not warn us of the breach and of the sudden circulation of our data.
5) In the post-pandemic, investments in cyber security will drop
We had had two or three very interesting years. The implementation of the European data protection regulation, especially in large companies, had led to greater attention to compliance. But now, in organizations in crisis, cyber security (and the related costs) will probably be put aside to resolve economic contingencies (often a matter of real survival on the market) perceived as much more important. On the one hand, therefore, the recovery will inevitably have to be centered on data and its processing. On the other, there will be expenses and investments that will be considered more important, and there is the risk of generating an even more vulnerable picture.
In conclusion, we are facing a small yet large short circuit: there is a race to accumulate data without, however, locking it up. Leaving it, in many cases, open and available to the first attacker with a minimum of competence. Attackers who often take advantage of system vulnerabilities due to neglect, to haste in the programming or design of the site and services, to improvisation. It is not a question of “if” they will violate our data, then. But “when”.