Kumar Ritesh, Chairman and CEO, CYFIRMA
The current GDPR debate on how companies should protect the personal data they collect is attracting much attention. However, there is a potentially even more dangerous risk to all of us: the protection (or lack thereof) of our behavioral data. Our ‘Digital Shadow’ is a goldmine for hackers to potentially access and exploit. Behavioral data touches everything we do, from how we behave, react and respond online to what we use and where we are in the physical world, captured through everyday appliances, wearables, and any other digital application and system we touch.
An ever-growing number of wearables, tracking applications, and connected home appliances are making our lives more convenient and comfortable. Smartphones, laptops, coffee machines, fridges, fitness trackers and wearable health monitors, home security solutions, and our cars now constitute a rich treasure trove of behavioral data. These devices collect information about everything we do, every second of the day, with the utopian goal of tailoring and improving services to make our lives easier.
In today’s world, your ‘Digital Shadow’ is not just limited to personal information, photos, interests, social preferences, purchasing habits, where you like to go, a social map, and a calendar of activities. It now covers the entire gamut of your physical and emotional state. Our relationships with our family and social circle are now constantly tracked and monitored. So are patterns of anger and joy, what we eat and when, lighting and room temperature preferences, and what time you wake, sleep and exercise, including how. The same goes for whom you talk to and why, your transport patterns, travel speed, reading habits, and even how your heart rate and body react to different situations, including times of stress, sadness and happiness.
The creation, storage and use of our ‘Digital Shadow’ will increasingly be a rich honeypot targeted by hackers. This type of data will allow an even higher resolution of personal profiling of targets for cyber attacks. Technology to make our lives easier is resulting in the unintended consequence of enabling threat actors to even more accurately predict our behavior in any situation.
This is very troubling.
We don’t need a vivid imagination to extrapolate where this risk takes us. Cybercriminals will have the ability to search for susceptible targets to be used as their mules, likely recruited unwillingly to penetrate and access a target corporation’s or government’s systems and data for any number of illegal and nefarious objectives. As consumer technology continues to be more tightly integrated into our lives, we will see more and more future cyber-attacks targeting such behavioral data, not just company IT assets and financial data.
Despite the sinister implications of our increasingly connected lives, trying to prevent progress is an unrealistic response to these security dangers. Regulators, who have already started tackling the issue of more rigorous protection for consumer data collected by business, will also need to consider how to regulate and control the collection of personal behavioral data, its classification, and how it is stored and transmitted, as we inevitably approach a digitally tethered world.
Consumers, too, have an essential role to play in understanding how much of a Digital Shadow they have. Awareness and education about how these devices work, what information they collect, and how they can be used to make us potentially vulnerable to malicious hackers is a personal responsibility we all have. Even today, many people still don’t fully appreciate how much personal information is collected through the daily use of everyday electronic devices.
The last missing element of a comprehensive approach to this problem is the source of the technology itself. Manufacturers also need to be made responsible for what they are creating and releasing into the world. They have a critical role to play in the protection of consumers, in the same way they are approaching the issue of traditional personal data protection. At the same time, companies that collect behavioral data need to understand the sensitivity of the information they gather and ensure that the appropriate security controls are in place when obtaining or using that data, subject to the law.
We are a long way from regulators, consumers, and companies coming together to address this issue of our ‘Digital Shadow,’ but the debate needs to start as soon as possible.