Big Data, Big Responsibility - DATAVERSITY
By now, we’ve probably all heard that “every company is a tech company” after the evolution of where and how we work in the previous few years. However, if every company is a tech company, what has become of what we traditionally think of as technology companies? Just as every company has become reliant on technology to do business, tech companies have expanded and refined their specialty. Based on their most profitable assets, every big tech company is now a big data company.
However, is everyone ready to be a data company? A recent study from my company found that while over 75% of companies invested in data protection tools, 70% of them still experienced a ransomware attack in the past five years, and 60% of them had paid the ransom. This suggests that we may need to revisit how to properly protect that data.
Big data has been projected to be worth $274 billion in 2022. While this number illustrates the big win potential for players in this arena, without the proper management of these resources, the assets can just as soon become as large of a liability. Being in a lucrative industry means that real consequences are faced. The more data assets a company has, the more wealth there is to gain, but the more there is to lose.
Depending on the work your organization does, there may be industry-dependent rules and regulations for data collection. The financial industry deals with sensitive information such as credit cards and bank account numbers, and Regulation P prohibits sharing of specific bank-related information. In the instance of criminal activity, this law is essentially at risk of being broken since, even if they are the victims of the cyberattack, they hosted the information.
The health care industry has also had to transform what it means to be in compliance with laws such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, HIPAA. This would be the rule that prohibits medical information from being shared, and another solid reason for health care institutions to work to boost immunity to cyberattacks. HIPAA Journal cites that organizations can be fined up to almost $2 million annually for continual violation of this regulation. It is also incredibly important to note that fines for a HIPAA violation can be applied by the HHS Office for Civil Rights (OCR) even if no breach of personally identifiable information (PII) has occurred.
Since these industries collect some of the most sensitive data, it makes sense these are regulated industries. As technology booms and laws take time and bureaucracy to be passed, technology companies must stay ahead of the curve on their security for any PII that is stored, collected, or in use at any step of the process. For, on the granular level, the individuals who are permitting their data to go into these databases will also be the ones to suffer should this information get into the wrong hands.
In a snapshot of consumer attitudes on this information, 54% of consumers believed personalized offers after staying on a brand’s site for more than two minutes were also “creepy.” What does this mean for big data? The attitudes of over half of respondents reveals a negative, distrustful sentiment towards ways the data is being used. With this negative sentiment and the Federal Trade Commission’s open-comment period for citizen input into feedback for privacy laws, the growing concern means that data collection is now under scrutiny from the government and those who are placing and trusting the data in the hands of organizations.
Financially, there are a number of payouts in court that have happened in recent years. Settlements in data breach class actions now cost companies millions of dollars to compensate those whose information was not kept safe. The largest payout so far has been $380 million, followed by $200 million, and so on. This means that people do not want their data leaked and are willing to pursue payouts for their real-life consequences. The answer for peace of mind is simple: Protect the data. With the right protection in place, the data stays as profit and does not become a liability.
From an organizational standpoint, cyberattacks can happen to anyone. This means there is a growth opportunity for business’ cybersecurity strategy. Having a plan and a safety net is a crucial part of accepting the responsibility that comes with the great power of collecting people’s data.
One place to start is to identify the ways data is used within the company. Data exists in three states: at-rest, in-transit, and in-use. Many attacks happen when data is in different stages of its lifecycle, and strike when it is most vulnerable, typically when it is in-use. There are solutions on the market can protect data at every stage in the data’s lifecycle, but often the hardest to protect is data-in-use. Fortunately, organizations can now take advantage of encryption-in-use to close this critical gap.
Across industries, data is in need of protection due to the constant threat of cyberattacks and associated data breaches. Big data companies need this protection now more than ever, due to the superpowered nature of their work, wherein data is collected at fractions of milliseconds and finds its way to hundreds of applications soon thereafter. There are many high-profile examples of data breaches: Hackers send phishing campaigns to all of the customers of every business touched by the victim, thereby creating exponential levels of exposure for all businesses associated with the initial victim. This common pattern of exposure shows us how extremely vulnerable data collection can be.
Now more than ever before, it is the responsibility of those who are collecting data to recognize that the pressure is on and rise to the challenge. As we are all aware of cybersecurity threats and how hackers get smarter by the day, the old way of safeguarding information is no longer working. Organizations must find a solution that is better at protecting their software and promotes their immunity to ransomware and other data-focused attacks.