Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

How Digital Transformation is Making the Anonymous Personal

Allow me to nitpick for a moment: There’s a difference between data and information. 

Data are the facts or details from which information is derived. As such, standalone pieces of data are rarely useful. It’s not really information until data points are connected with context to tell a story. 

Allow me to nitpick for a moment: There’s a difference between data and information. 

Data are the facts or details from which information is derived. As such, standalone pieces of data are rarely useful. It’s not really information until data points are connected with context to tell a story. 

In the military, they call this a compilation of information, where individual pieces of data in themselves are unclassified, but when multiple pieces of data are put together, they paint a picture that could be considered Top Secret.   

This nuance is more relevant than ever as the world continues to undergo what is broadly referred to as “digital transformation”—the movement of services, processes, and social, personal and business activities into cyberspace. 

Most would agree that, for the most part, this movement is an advancement that enhances our lives and frees us to focus on other things. For companies, services like cloud sharing mean employees can access important documents anywhere. Electronic medical records improve hospital efficiency and open up physical space previously needed for storing files. 

Consumers receive the benefits of new services, whether it’s finding a product online that would have taken days to track down physically or transferring funds without driving to the bank. People who haven’t seen each other in 20 years suddenly can reconnect. People who were adopted can find long-lost parents or relatives. The convenience and connections offered by digital transformation have become integral to our society and our economy. 

But with each new digital industry, process or service comes a new data source that can be compiled and cross referenced. Thus, for all its benefits, digital transformation is also introducing new ways to see into people’s lives, activities and business operations. Data points that, in themselves, would never have been considered personally identifiable information can now be connected and correlated, creating a level of personal and business risk with potentially negative outcomes. 

Malicious entities today are sophisticated enough to leverage that information in ways that were never anticipated, correlating data to draw conclusions. Machine learning can be applied across thousands, even millions, of data elements to anticipate details that humans wouldn’t necessarily see on their own.

The potential consequences of these capabilities are serious. In late 2017, a military analyst noticed that data from the Strava fitness app revealed sensitive information about U.S. military bases. A “heat map” from the service’s fitness data—all voluntarily supplied by users—showed patterns of runs and marches that may have compromised top secret military facilities around the world. 

In a similar case in the consumer realm, Under Armour’s MyFitnessPal service was compromised earlier this year. The company’s popular fitness tracker handles routine information like names, addresses and ages, and it tracks users’ diet and exercise—the kind of information that seems benign on the surface but can be used for targeted marketing campaigns or even phishing and social engineering attacks.

Today on social media, there’s a wealth of that same kind of seemingly harmless information. Where do you get coffee every day? What airlines do you choose? What apps are you using? Where do you work? 

In some ways, this is far more dangerous than what would originally be considered personally identifiable information, but there’s no regulation that says that any of it needs to be secured—plus most of it is being provided voluntarily. 

Personally, I’m using more than 100 apps that do different things. And I don’t want to give up any of them. The goals of digital transformation—making people’s lives more convenient, giving businesses and government entities new tools to connect with people—are ultimately productive. 

But for those of us in the security industry, we need to think about the negative consequences of how this data could be used. As digital transformation continues, our reclassification of what we consider personally identifiable or sensitive should evolve with it. 

As every new service comes online, the data set becomes larger and the ability to correlate with a growing number of data sources becomes easier, exponentially increasing the value of the information and the potential ways it can be used against you. Protecting people, businesses and institutions in this new world means understanding the nature of each digital data source and the motivations of those who may seek to compromise it. 

Written By

Click to comment

Expert Insights

Related Content

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Application Security

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s...