For those companies holding vast quantities of customer data, they must be quaking in their boots this summer. Company after company have been falling prey to hackers and data breaches over the last few weeks; with Carphone Warehouse being the latest victim after the Ashley Madison affair, which has finally only just played out.
Last night hackers claim to have released around 10 gigabytes of personal data from the Ashley Madison site including card information onto the dark web. In the long term the Ashley Madison breach could affect up to 40 million people globally.
With over 2.4 million Carphone customers being affected here in the UK and the privacy watchdog being called in to investigate, you can just begin to imagine the damage limitation taking place in their headquarters. As up to 90,000 people may have had their card details comprised, it begs the question: What can companies do to protect themselves and their reputations against the threat of cyber-attack?
Companies just love data. Lots of it. From names, to addresses to what you like doing at the weekend. This information can have value for the business, but if it’s valuable for companies, it’s also valuable for hackers. Individuals affected by the Carphone Warehouse attack have been warned to be alert to phishing attacks as data could be sold on. Those who buy this type of data will likely want to gain additional information from individuals through phishing to allow access to higher value assets such as bank accounts.
With 2.4 million peoples’ data on the loose in this latest breach, it only takes a small percentage to fall prey to such attacks and it’s been worth the hackers’ time.
This brings into question what the value of data is, and those services that sit over the top of it such as the well-coined phrase “big data”. How many companies are actually utilising all the data they are holding on their customers and would it be less risky for businesses to cut down the data they hold and still manage their customer accounts effectively?
With reports that the big data market is going to increase in size six fold by 2019 it’s hard to see how these two trends can live happily side-by-side.
We have on one hand, a trend of increasing data breaches and cyber-attacks on data, the other of increasing data monetisation.
So what is the solution? We’re finding that cryptography enabled personal digital identities will increasingly become the answer to this endemic data breach problem. This allows the individual to be in more control over their personal data, limiting the data they are willing to share if they want to, whilst at the same time, the organisation can be confident that they are transacting with the correct customer.
There are many new services out there, including federated digital identities, personal data stores, attribute exchange and signal sharing. Work being done through the Open Identity Exchange, Digital Catapult, the GSMA, Kantara and other organisations is exploring how these new methods and standards can help solve the problem of online identity, online fraud and decrease how much personal data is shared thus decreasing the risk of personal data being stolen.
Innovate Identity have worked on many projects in this area, one of which is around attribute exchange and have found users prefer these new methods.
They are quicker, easier for users to perform and users only give consent to the minimum amount of data to be shared; putting users back in control of their data and overall significantly decreasing risk.
For systemic problems we need systemic solutions. We need to put users back in control of their personal data and create a more secure Internet for everybody.