People must own their data to outsmart today’s cybercriminals

    • Decentralised systems enhance security and privacy as information is no longer stored within one central location, but instead in or with the users’ devices themselves. ILLUSTRATION: PIXABAY
    Published Wed, Oct 30, 2024 · 05:00 AM

    DATA breaches have been on the rise lately – with figures from Surfshark’s Global Data Breach Analytics showing a quadrupling of such incidents in Singapore in the past two years. In the first quarter of 2024 alone, some 722,770 accounts were breached. These attacks are becoming a recurring occurrence, compromising millions of users’ personal information.

    October is Cybersecurity Awareness Month, with this year also marking the 12th anniversary of the enactment of the Personal Data Protection Act (PDPA) by the Singapore Parliament. Designed to protect individuals’ data from misuse by organisations in the private sector, the law was amended in 2021 to keep up with technological advances, and the rising importance of data privacy.

    While these have been significant milestones, the rapid growth of digital technologies and the rise of artificial intelligence (AI) only point towards a future where cybercriminals get increasingly sophisticated with their attacks.

    According to the Cyber Security Agency of Singapore (CSA), around 13 per cent of scams in 2023 were likely generated by AI, indicating that scams are getting more potent even as overall cyberthreat numbers fell or remained constant, compared with 2022 figures.

    More must be done to complement existing cybersecurity guard rails, which warrants a complete shift in how we manage sensitive, private data.

    Existing landscape of data management

    Cybercriminals see organisations’ databases as goldmines, with private data such as browsing activity, purchase history, and personal conversations up for grabs. This sensitive information is a core part of our digital identity, and whoever holds it controls our online lives. With organisations storing vast amounts of data, their centralised systems have become prime targets for cyberattacks, leaving consumers vulnerable to breaches.

    The issue lies in the reliance on centralised storage – where data is stored in one central location, often managed by a sole authority. While the single point of access offers greater ease of accessibility, management, and control of data, this can also translate to a single point of failure. It is this very nature of centralised storage that attracts hackers and magnifies the damage when breached.

    Existing protections, such as the PDPA, are typically more reactive, often with the individuals notified only after a breach occurs, if at all. At present, there is no obligation for organisations to inform affected users of all breaches – the obligation only arises if the breach affects at least 500 people, or if it relates to sensitive information such as the full name or identification number.

    This reactive approach to cybersecurity, placing the onus on large corporations, must be reconsidered.

    Do we actually own our data?

    Many of us believe that we own our data simply because we can access it – akin to money in the bank. However, our data is often stored on centralised platforms and subject to platform owners’ will.

    We don’t entirely know what these companies are doing with our data. Granted, we have to acknowledge their terms and conditions during sign-up processes, but how many of us actually fully read, much less properly understand, the lengthy and complex legal jargon? We have become used to these free-to-use platforms and services by established players that store all our data centrally, leaving us with little real control over how our information is handled.

    Consequences are dire when our data falls into the wrong hands or is misused. Recall the infamous Facebook-Cambridge Analytica scandal, where social circles and interests were manipulated to change political views by amplifying inaccurate, misleading information through fake news.

    This happened back in the 2010s, but in today’s context of trained generative AI and the emerging threat of deepfakes, the risk is even greater – where one’s digital persona can convincingly be duplicated and perpetuated to mislead others. Threat actors these days are even offering deepfake campaign services on the Dark Web for as little as over a hundred dollars.

    On the other hand, if a platform shuts down, that data is lost, and this could have significant impact on our daily lives. Imagine having accumulated precious photos on the platform across a long period of time, only for everything to be lost when the platform shuts down.

    The same can be said for other critical documents such as work files or financial records. Without these documents, one might miss important deadlines such as submitting tax returns or completing ongoing work projects. This disruption can further lead to financial penalties and emotional distress.

    How, then, can we claim ownership of our data that’s under the platform owner’s control, and where our data remains largely vulnerable to cyberattacks?

    Reclaiming our data

    The way we think about, approach, and manage private data needs to be transformed. Data ownership reclamation is urgently needed as the solution to bridge existing gaps.

    This can be done through the transition of data storage from traditional centralised systems to decentralised ones. Decentralised systems enhance security and privacy in data management as information is no longer stored within one central location, but instead in or with the users’ devices themselves, allowing them to use and manage the data as they so desire.

    Imagine a secure personal data store that allows data-sharing with external parties only with your consent. No one would be able to access information from your data store without authorised access.

    With individuals reclaiming data ownership through decentralised technologies, cybercriminals will also no longer view organisations’ centralised databases as attractive – simply because there is a reduced volume of customer data stored there. Even if a data breach occurred, its impact would be minimised as there wouldn’t be much private information for hackers to leverage, addressing the problem at its root.

    Beyond cybersecurity concerns, the biggest advantage of decentralised data storage is that individuals can generate and also store their online personal data in a way that allows them full control over it. That means consumers can consent to the data they want to share and, best of all, the data is theirs – they own it.

    As consumer data privacy concerns grow, companies must embrace this shift. A Twilio study shows that nearly three-quarters of consumers in Asia-Pacific who are otherwise unwilling to share their personal information said that they would be more inclined to do so if they trusted a brand.

    Indeed, trust is a powerful incentive and essential to customer relationships. As the value of personal data control surges, businesses focusing on ethical, user-centric data practices are set to drive deeper consumer loyalty – paramount in today’s digital economy.

    Data ownership for all

    We should demand rightful control over our data to create a world where everyone has the complete freedom to decide what they want to do with their own information.

    Transforming data governance won’t happen overnight, but progress starts with recognising that we can all do our part to improve the current system significantly. Both businesses and individuals must understand that true data ownership not only offers benefits in privacy, security, and control over personal information, but also contributes positively towards the data and trust value chain.

    This understanding will drive collaborative efforts across society, fostering a partnership where businesses adopt transparent practices, and consumers have complete autonomy to manage their data. Together, we can create a digital ecosystem built on trust, where data is secure, decentralised, and adds value for everyone involved. Whole-of-society collaboration is the lynchpin of the future of data management.

    The writer is chief executive officer of Affinidi

    Copyright SPH Media. All rights reserved.