
Password hacking illustration. (Santeri Viinamäki, 2016)

This article is brought to you thanks to the strategic cooperation of The European Sting with the World Economic Forum.

Author: Algirde Pipikaite, Project Lead, Governance and Policy, World Economic Forum

Our data infrastructure is incredibly porous. The latest cybersecurity incidents have highlighted the vulnerabilities created by the mishandling of massive data access by developers of third-party applications.

In our age of big data, debate about security has reached the highest levels. In October, Apple’s CEO Tim Cook told the International Conference of Data Protection and Privacy Commissioners that “security is foundational to trust”. In order to rebuild trust, the leading global businesses that collect, store and share most of the world’s data should prioritize security when they open it up to third parties.

It would be one thing if all this data was accessible by just the companies collecting it. However, the complex interchange of data that occurs brings a host of new security challenges. The majority of internet platforms add capabilities and usability by offering application programming interfaces (APIs) that let applications developed by third parties communicate with the platform and get user information, including personally identifiable information. APIs are the nexus of significant emerging technology areas, such as software as a service (SaaS), big data, machine learning and artificial intelligence.

By opening their APIs to developers around the globe, technology companies have encouraged the creation of a variety of apps that bring new functionalities to their platforms. At the same time, through APIs, developers gain access to user-related data that can be utilized to create new value. However, if not administered well, these interchanges become a vulnerability and result in data leakage.

Since 90% of the data in the world today has been created in the last two years, it’s clear that technology companies are stashing gigantic amounts of it. Most of it is related to their users. As of October 2018, 4.2 billion people – well over half the world’s population – are online. Of that online community, 3.4 billion are active social media users. And not only is the number of internet users continuously increasing, but the time they spend online is too. In short, the amount of data we all create and share is surging.

Every minute, people send 187 million emails; download 375,000 apps; tweet 481,000 times; post 46,740 Instagram photos; and perform 3.7 million Google searches. Those are just a few examples. These numbers illustrate the immense amount of activity taking place that requires the movement of data. This results in exabytes of data being stored by technology companies.

In recent years, the number of cybersecurity incidents related to third-party data access and mismanagement has risen. Hundreds of millions of citizens have been exposed by hacking across the world. Cybercrime and data breaches are not a national or even a regional issue. All these breaches negatively impact the trust that consumers have in digital platforms. To address this rising trend effectively and implement changes, leaders of global technology companies and government representatives have to agree clear guidelines on how data is shared, to ensure security and create faith in technology.

How do we rebuild trust in technology platforms?

Here are some suggestions:

1. Prioritize security

There is an incredible urgency for organizations to reprioritize security and prepare for emerging cyber risks. Despite the fact that many organizations work in silos, cooperation is needed between the public and private sectors on setting standards and guidelines around security in data sharing and storage. Trust in the age of the Fourth Industrial Revolution can be reestablished only by putting data security and user privacy first.

2. Public-private cooperation

Cybercrime is big business, and it’s constantly growing. The global cost of cybercrime will reach $2 trillion by 2019, according to Juniper Research. Fighting it has to be a well-orchestrated partnership between the public and private sectors. Direct cooperation between law enforcement authorities and private sector service providers would enhance security in cyberspace.

While cyber criminals cooperate closely on the darknet, there are many barriers for law enforcement officials to collaborate across borders and with service providers. National governments should focus on cooperation on a regional basis to improve information exchange processes. This would result in faster, more efficient responses to incidents. Currently, cooperation between law enforcement agencies in cross-border investigations is challenging. This must be addressed.

3. API deployment guidelines

There are more than 20,000 APIs on ProgrammableWeb, the largest API directory. API usage is growing and allowing businesses to build more dynamic applications. APIs support thousands of possible connections and data streams. But if they are developed while ignoring security, they carry an enormous risk of exposing corporate and customer data.

Currently, most developers focus on items such as functionality and agility rather than security. But as recent breaches suggest, businesses need guidelines to ensure their API deployments do not create security problems. API deployment guidelines should incorporate security-by-design principles, prioritize access protection and control, and leverage proven security standards for authentication and authorization.

As a society, we cannot completely avoid the abuse of technology. But it is the duty of companies to make such abuse more difficult and to prevent access to customer data. Introducing more control over apps developed by third parties and better supervision of who has access to companies’ APIs could help prevent such abuse.