Is your personal data safe with Data Brokers?Posted by SecurityAuditTeam on Sep 28, 2015 in Security Blog • No comments
A great many respected website and IT security experts expect to see enormous breaches of personal data in the near future. In fact, such breaches of data may be happening right now but we are simply not aware of them!
The problem we all face nowadays is centralised around mysterious Data Brokers, including how they store and sell that data on to third parties. This may have all started with good intentions but personal data such as web browsing histories, shopping habits, preferences and demographic information are all now being used by those involved in marketing for targeting of particular audiences to increase sales.
This all may seem fairly innocuous so far but think about it a little more. The data could provide your personal information to those with dubious intent to take advantage of in such ways as sophisticated targeted phishing attacks unlike any we have seen before. These types of attacks, commonly known as spear-phishing, are usually instigated in order to trick individuals into compromising the integrity of their personal details or computers. These will be more effective than in the past due to the potential to personalise the attack providing further legitimacy to the scammers! Recipients of the fruits of the scammers work, including sophisticated Emails or other communications will then more likely perform actions that they would not have considered previously.
A perfect citizen surveillance system
The question really that we should all be asking is where will this increased surveillance of society all end? Where is society going with this? We have now constructed the most perfect online surveillance system ever contemplated in the history of humankind. Personal data is now a saleable commodity, traded across all corners of the globe. Your details are no longer your own possession and there seems to be no stomach to change the status quo within the authorities!
It would seem therefore that the various government agencies are quite happy that all of our information is available to the highest bidder or perhaps the cleverest hackers and scammers!
How is personal data collected?
Personal data is collected by the major search engines, service providers, websites and various assorted retailers and then often shared out with the data brokers standing in the middle of the whole process.
Government agencies have a role to play too. Surveillance Agencies such as GCHQ in the UK and the NSA in the United States are seemingly able to track and trace any individual’s likes, dislikes and movements, across borders, at will. Why would they want to change this?
There is no easy answer to protecting yourself from intrusion
Leading security experts at least are perhaps starting to see the light.
Grady Summers, the chief technology officer at cyber-security firm FireEye recently stated “What more could you want if you wanted to gather intelligence on our citizens?” He further went on to say “You’d want to see everything they do on the Web, everything they’re buying. We’ve built this incredible machine that does that and we don’t even realise it.”
The real story here is the potential for hackers to gain access to these massive pools of personal data, all ‘securely’ stored in databases containing pretty well anything and everything that there is to know about all of us!
What is the role of the middlemen, the Data Brokers in all this?
The real players in this industry, the aforementioned data brokers, were the subject of a 2014 report produced by the Federal Trade Commission in the United States. They recommended that Congress should move on this and require brokers to be more transparent regarding the data they gather and how they obtain it.
These data brokers sell the information to everyone that wants to buy it, from advertising and marketing agencies to private investigators and financial institutions. Unfortunately, despite there being laws in pace to protect personal data, there have been many inadvertent ‘leaks’ which have then facilitated financial and other crimes against individuals.
How can we better protect our personal data?
We need to look at protecting personal data from being accessed first and foremost.
- Ensuring laws protect publicly available data and its use.
- Protect online resources, such as websites and the databases they connect to as far as possible.
- Further legislate regarding the sale of personal data to protect individuals.
- Further legislate regarding the onward use of such personal data.
How can companies and organisations make sure that your data is more secure?
Data is normally acquired by data brokers in the normal course of activities by way of financial transactions. Data is also stolen during hacks and other attacks on companies IT networks and websites. The problem arises when the data finds its way into the hands of people with dubious intent. Stopping this from happening is our job!
Businesses and organisations should strive to protect their data as much as possible. This is where companies like Security Audit Systems come into the equation. We offer professional website penetration testing and website security testing services, running tests on your systems for their security preparedness. A report would then be provided to you highlighting any security issues that need to be addressed.
Get in touch with us to find out how to better protect the data that you store.