Data privacy is about consumer trust
Data privacy and security is about far more than keeping the hackers out of the door. It's about assuring consumers that the trust they placed in a consumer product brand is warranted.
So said Andre Joseph, information security architect at Oracle SA, speaking yesterday at the ITWeb Security Summit 2017.
Quoting a Deloiite study titled 'Building Consumer Trust', Joseph explained that consumers have a keen sense of awareness of the risks surrounding data security and privacy, and that many consumer product executives are likely overestimating the extent to which they are meeting consumer expectations related to data privacy and security.
"At the end of the day, data security is about a brand being able to talk to and transact with someone else in a secure manner. Consumers choose to transact with a brand because they trust it. Trust is a key element of data security," he noted.
He made reference to some data breaches that have taken place in the last ten years, which are listed on www.informationisbeautiful.net. The attacks today, he continued, are different to the attacks which took place ten years ago.
"The attacks from ten years ago, achieved by a few freelancers, have been replaced by a layered economy of specialised hackers. Today the coordinated execution of these groups has fuelled an emerging black market that is now estimated to be more lucrative than the illegal drug trade."
The Verizon Data Breach Investigation Report 2016 found that when hackers try to obtain information, what they're primarily looking for is credentials, he continued.
"The number one target for hackers is credentials of administrator accounts. The number two target is gaining access to the organisation's databases. However, once inside the organisation, the top misuse seen is privilege misuse, which stems from people who work within the organisation abusing or misusing their privileges," he revealed.
In seeking solutions to these security issues, the very basics of protecting data in storage and across the network of an organisation is encryption, asserted Joseph.