How secure is your data ?
All it can take is an absent-minded click on an attachment that appears to have been sent from a friend and you can find yourself locked out of your own computer or your files encrypted.
This frightening scenario is down to malicious software, or malware, known as ransomware – the only way to release your computer is to pay a ransom to the criminals who sent it. One particularly nasty piece of ransomware called Cryptowall is now on its fourth iteration and has been estimated to have made $325m so far for the unknown people behind it.
Now you would hope that the companies that look after your personal data would not make similar mistakes – but you would be wrong. Famously, in July 2015 hackers stole the personal details of 32 million members of Ashley Madison, a site for people who were in relationships but wanted to have an affair, and then released this highly confidential information online the following month. It is still unknown how the hackers gained access. In October 2015, UK mobile network TalkTalk fell victim to a so-called “brute force attack” when hackers breached the security of a poorly designed part of its website to steal the unencrypted personal details of 156,000 customers and the bank details of 15,000. The cost to the company was £60m and 101,000 disgruntled customers. However, both of these are minnows compared to the hack of the personal details of 80 million customer from US healthcare insurance giant Anthem earlier in 2015.
“Hacking has become big business, because whether we like it or not we are living in a digital economy where personal data is worth a lot of money,” says Mark Skilton, Professor of Practice at the Warwick Business School. “And this is only going to get worse as we become more connected. People need to realise that there is a continuum of threats, from brute force attacks that occur in broad daylight through to malware which can be on your computer for years without you knowing it. New technology like the Internet of Things also brings new opportunities for hacking which haven’t been seen seen before.”
The Internet of Things (IoT) is a vision of the future in which tens of thousands of devices, from fridges to traffic lights and cars, are connected to the Internet and use it to share data with each other. Many of the early IoT devices marketed so far have been shown to be pretty easy to hack – and alarmingly this includes cars.
“We face a tricky problem as we want personal security, freedom from state surveillance, and an open Internet, but it seems impossible to have it all,” says Skilton. The current clash between Apple and the FBI is a case in point. “Some are even saying that privacy is gone for good, get used to it. The law certainly hasn’t caught up with what legislation a digital economy actually needs.”
“It is the Wild West out there, but we can do some things to protect ourselves, like checking the identity of those who appear to be sending us an email with something as a simple as a phone call to make sure they are who they say they are,” Skilton says. “Or even just choosing reliable and well-known cloud services or website brands that encrypt their data. If you are using unknown web site services you can be vulnerable to computer viruses or other unwanted attention to your personal data.”
New projects are growing up in response, such as HAT ( Hub-of-All-Things.com ), a Warwick led collaborative research project that is now a new start-up company offering new technology and business models to let you keep control of your own personal data. This looks to build the new personal data economy through managed privacy with trusted exchange of products, services with companies and people.
“Every new human innovation that breaks the old paradigm also breaks the rules that were designed for it, but we have as a species all the creativity we need to respond to it.”