Internet users share personal information with each other via social media and financial information through online transactions, a practice to which we have all become accustomed. In addition, enterprises and public service providers are storing data in the cloud, to be mined for targeted advertising as well as to provide tailored services to customers.
Data miners with malicious intent can use information taken from online accounts for illicit purposes. However, this data is not necessarily being collected with directly criminal intent. “If it is financial data the malefactor can use it both for criminal purposes – for example money withdrawal from bank accounts – and non-criminal purposes – for example enticing away clients from a competitor. Also this data can be used for targeted marketing to similar target audiences,” says Vsevolod Ivanov, Deputy CEO, Infowatch.
Though the presence of this information can create a more personalised experience for consumers, it also presents the potential for data breaches that can range from irritating to devastating for the company and its customers. “There are high risks involved especially if you look at incidents such as the security of the Sony PlayStation network being compromised and even LinkedIn accounts being hacked, there is clearly a risk involved in providing personal information to corporations or sites,” says Megha Kumar, Research Manager, Software, IDC Middle East Africa and Turkey.
Last year alone saw an estimated 2164 incidents of data breach with over 822 million records exposed. This is nearly twice as many incidents as in 2011. “With the rapid growth in data volumes, Big Data, rising adoption of cloud services, and use of remote data centres driving unprecedented movement of data throughout networks, data in motion and at rest is under increasing threat,” says Sebastien Pavie, Regional Sales Director, Middle East and Africa, SafeNet.
The tenuous nature of data security is due not only to the volume of information we are working with but also to the way that this data is shared and stored. “As data is becoming more centralised and available online from any terminal device, security measures must be taken seriously to prevent misuse, sometimes on a massive scale, of the data,” says Alain Panel, Regional Vice President, Fortinet.
The key to protecting one’s sensitive information is prevention. When sharing information online or participating in transactions that result in data storage, users must be cautious. Consider how the information will be used, by whom and where it will be stored. Best practices include, at the very least, using a strong password combination and encryption, but there is more that can be done to protect sensitive data. “My golden rule whilst shopping online is to use a prepaid credit card that is not linked to my bank account. Alternatively, many banks are offering an extra security service for authenticating any online transaction that takes place by entering a password that you have already provided to the bank,” says Tony Zabaneh, Sales Engineering MMEA, Trend Micro.
Though personal responsibility goes a long way to protect an individual’s data and maintain privacy, governments around the world have begun to pass regulations that are aimed at protecting the consumer. “Future regulatory models should apply greater pressure for responsible behaviour but ultimately it is consumer demands and competition that create secure, conscious products that solve such issues,” says James Lyne, Global Head of Security Research, Sophos.
Recently, the EU has recommended a consistent internet privacy regulation across the region. The Data Protection Regulation is a proposed suite of regulations that will protect consumers from clandestine tracking and unauthorised personal data usage. Further, it aims to protect privacy rights in two key ways. The regulation will clearly define the term “personal data” to remove any ambiguity and tighten potential legal loopholes. It will also increase punishments for those who violate users’ online privacy.
With governments in the US and EU rapidly researching and implementing regulations to protect users and their data, it is only a matter of time before the greater Middle East region begins to consider a comprehensive regulatory plan. In fact, the wheels have already been set in motion to address online security in the Middle East. “We have rallied the support of leading government, semi-government, education and private establishments in the country and have laid the foundation for the establishment of a formalised national Information Security Awareness (ISA) committee. This centralised body will address security risks related to a lack of online security awareness in the UAE, and will also develop standards, guidelines, and best practices for effective implementation of information security awareness programs and workshops across the country,” says Nicolai Solling, Director of Technology Services, Help AG.
However, the path to legislation in the Middle East may be slow. “At the moment, each Middle East country has its own data protection regime based on international best practices. Qatar, Saudi Arabia and UAE view data protection and privacy from a national perspective. While there have been efforts to implement a European Union-type regime, the compliance challenges organisations face make the process a lengthy and complicated one,” says Khalid Muasher, Business Development Manager, Middle East, BitDefender.
Further, some believe that regulation across Middle Eastern countries may be extremely difficult. “When we take all matters into consideration, legislation on privacy may be a path the Middle East regions are unwilling to take. Given the issues other countries have experienced, the social unrest they can cause, it would be very understandable if all Middle East regions maintained the status quo,” says Glen Ogden, Regional Sales Director, Middle East, A10 Networks.
Whether the government intervenes or not, privacy concerns will never be fully alleviated. Even as the technology to protect data progresses, so too do the tricks of hackers and data miners out to breach internet security tools. “Privacy concerns are here to stay, and it is in our best interests to understand what is happening, both from a political as well as from a technical perspective,” says Sebastien Pavie, Regional Sales Director – Middle East and Africa, SafeNet. “It is highly recommended that enterprises research internet security as the day will soon come when it will be expected to prove that user information is safe when they are required to provide it.”