This week in Brussels, Apple’s chief executive Tim Cook somewhat surprisingly castigated how personal data is handled by businesses and organizations. Aside from praising Europe’s General Data Protection Regulation (GDPR) and calling for similar measures to be brought to the U.S., Cook warned of how our data was being “weaponized against us with military efficiency”.
Now, Cook’s public overtures are likely to have been motivated by a variety of factors, including the need for large technology companies to win back user trust in the wake of the data breaches and data misuse controversies that have become public knowledge over the past 12 months. Whatever the intentions behind his pronouncements, Cook’s words – which coincide with Cyber Security Month’s final theme, Emerging Technology and Privacy – prompt us to pay closer attention to how we can play a more active role in controlling how much of our personal data is shared with third parties.
The privacy debate itself is a timely one that I simply cannot do justice to in this blog post. Briefly, for context, there are several overlapping lines of argument. First, there are those of an Orwellian persuasion who warn of the dangers of state and corporate surveillance resulting from mass data collection. Conversely, there are those who sanction data collection in the name of security and combatting threats to our daily lives. A third approach is one often taken by technology providers, who claim they can improve user experience by providing more targeted content and marketing using their users’ personal data.
Regardless of where you stand, at the heart of the debate is the question of how much of our personal data we are willing to share, and with whom. When it comes to technology providers in particular, we should always question what data the service or application needs from us, and for what reason.
Mobile applications are a great example: is it appropriate that the app I’m installing requires access to my device location? Or worse, does it need screen overlay permissions to capture my text messages and other personal activities?
Regulations such as GDPR have made it easier for individuals to request information from companies on what, why and how they are collecting and processing data on their users. The hope is that these measures will kick organizations into gear and make them more transparent about the uses of their technology. We shouldn’t, however, become complacent. Next time you sign up to a new online service or install an application:
Time and time again, when there is a major breach of a well-known organization, concerns quickly shift to how cybercriminals might look to weaponize or monetize user data.
Depending on the type of data compromised, attackers can use:
These datasets are often traded on criminal forums, marketplaces and chat channels (Figure 1).
Figure 1: Two file sharing links containing Facebook data posted on the Exploit[.]In criminal forum in October 2018
Whether you are an organization or an individual, every service you use increases your attack surface, providing more opportunities for breaches and for attackers to access your personal data. Our latest ShadowTalk podcast covered some of the risks associated with third parties and suppliers, and will be useful listening for organizations battling with third-party risk management.
Both this week’s Cyber Security Awareness theme and announcements such as Tim Cook’s should serve as a reminder to consider our privacy practices from the broadest possible perspective. Without negating its importance, data privacy is not simply about how much data we hand over to large bodies such as technology companies. We also need to be cognisant of what data we are exposing ourselves, what data we are leaving within easy reach of cybercriminals, and what security practices we are or aren’t implementing to make their jobs harder.
Some practices to reduce your online exposure include: