Risk, Security And Privacy Issues Addressing Old Threats And Emerging Risks-Digital World
Our everyday lives move forward with the use of technology. The new and growing digital world is designed to make lives easy, better and solves our social problems. Although, it comes with its baggage of challenges and issues related to risks, security and privacy. Technology, with its growing developments, lacks immunity from devising any harm. Without any policies to overcome the issues faced in the digital world, malicious actors and cybercriminals only grow smarter and devious by each day.
Digital infrastructure has infiltrated our lives, and it looks like it is here to stay. Our daily transactions and interactions mostly and growingly take place in the cyberspace. This, in turn, provides cybercriminals and hackers opportunities for criminal exploitation. Apart from being able to exploit the cyberspace, criminals are at low risks of being caught.
21st Century and the Digital World:
Technology today is only growing and is also made available to all. Everybody is only glued to their phones and have forgotten the days where people went on picnics or had an in-person conversation other than video calling or texting.
It is long gone when digitization meant usage of computers to only surf for information. Today information can be passed and communicated via a small device without any difficulty. IT only keeps surprising with its ever-growing and marvellous inventions. IT inventions have reached various sectors to help improve their growth and sustainability. With the digitization and ongoing developments, it is only about time when everything that we do in our daily lives become digital.
Digitization in India:
Digital revolution 2019, is about development and influential impact on different societies and economies. Digitalization brought changes into the way information was passed on across various sectors of the globe. It helped widen the grounds for businesses from national markets to other international markets. The digital revolution in India has improved and shifted to even the rural areas, thereby increasing the digital using population. Since 2014, the Indian government has brought about various measures in bringing digitization. The government has taken up initiatives like e-payment, digital literacy, rural development, etc.
By digitization, they intend to develop all sectors, for example, education, health, rural, agricultural, etc. The e-commerce industry is expanding with digitization. The investing sector can be open to more crowds. The improvement in the education sector aims to deliver education to the needy. Digitization also brought about online labour where people can take up online jobs, food delivery and e-commerce being the prime examples.
Emerging Threats in the Digital World:
Threats in the digital world today have only been increasing with the change in time. There were no policies to prevent the threats back when digitization took over, and there are no policies now, even with the immense growth in technology. As technology grows, hackers and cybercriminals also grow and only continue to threaten the digital world. Nowadays, hackers have become entrepreneurs by starting up businesses and working for the government as official cyber agents.
Cybersecurity plays a critical role in the economy as we have become dependent on cyberspace in our daily lives. One of the main threats arose due to 'datafication' in the digital world. Any activity or information turned into data that can be processed, monitored and analyzed is a growing threat. Since data seems to be a crucial factor that helps today's businesses and even individuals, it is considered to be most important. For example, governments use data to define policies, plan strategies; scientists and researchers use it to advance in science; businesses use it to strategize to improve their business and also attract customers.
Other threats imposed by digitization would involve the use of Artificial Intelligence (AI). AI is used to automate tasks that are involved in surveillance, including analyzing collected data and using manipulating video and facial recognition for deception.
Few of the most common threats would be Identity theft, Infrastructure security, Terrorist attacks, etc. Identity theft involves stealing another individual's identity for their benefits. Infrastructure security is a concern to both government and private sectors. Hackers getting a hold on to digital security systems can misuse and even destroy the communication systems and even shut down businesses online. Terrorist attacks would require hackers and cybercriminals to develop false identities to divert the surveillances.
It must also be considered that even employees can engage in theft of data within companies as they are the direct link in the security chain. Either they intentionally or unintentionally pose a threat to the companies' security. For example, they may leak sensitive data as they are directly in connection and have access to these data. On the other hand, many employees are not up to date with the new technology or techniques used by cybercriminals. And this lack of awareness may lead them to unintentionally pose a threat to sensitive data or the security of the company. They may inadvertently visit infected websites and click on unwanted links that may be a trap set up by hackers to get access to databases.
Even though with all the threats in place, solutions are developed to combat these issues. But with the growing technology, old security systems don't help; instead, there is a need for more advanced security. Encryption was one approach to safety. But due to the increase in web traffic that is both legit and malicious, threats are becoming unidentifiable.
Another security approach would include the Unified Threat Management (UTM) that involves hardware and software installations for multiple security and networking functions. Mid-sized or small companies mostly use this kind of security approach. But they have also proven to be ineffective with today's highly efficient cyber-attacks.
Risks imposed by digital transformation:
Digital transformation can be complicated and comes with risks that must be considered. Risks may differ depending on the kind of businesses, stakeholders, and the type of technology that is deployed. Few areas of risks include technology risks, cyber risks, strategic risks and third-party risks.
Technology risks may influence both systems and processes. The risks involve unauthorized intrusion in security systems. Third-party risks include vendors, suppliers, or contractors that impose risks within the organization without them knowing.
It may seem that digital transformation itself looks risky. But, in today's world, digitization is only growing, and without it, organizations and individuals may seem to be at a great disadvantage. The risk may be difficult to manage, but with careful considerations and precautions, the risk may be reduced with a successful digital transformation.
Security Issues in the Digital World:
As mentioned before, with the growing change in digital transformation, cybercriminals are also getting smarter with their attacks. Growing changes in the system may require cybersecurity to be in check at all times. Protection against cyber threats and security issues may require a proactive and continuous automated approach to cybersecurity.
There can be a couple of things that can be used to reduce cyber-attacks on security. With the use of integrated cyber-security systems, it may help manage cyber-attacks. Use of built-in security applications, incorporate automation into systems for monitoring threats, hacking, etc. can also be few examples. Staff members in an organization can be trained in the use of technology and its skills and threats. This training may help in preventing these threats and even minimize them.
This is the time where digitalization is everywhere and is growing very fast. Digitization today requires us to be able to adjust to the changes that it brings to society. Many risks and concerns arise. The biggest concern of them all is our privacy.
Even with all the security options and programs created to protect us, invasion of privacy in the digital age is considered to be the more significant risk. The rise in popular social networks gives space for sharing personal information and data. Therefore, our personal information and data are exposed to various threats.
One of the most vulnerable cases is identity theft. A person that has experienced a theft of their identity can suffer financial loss or have his reputation tarnished. It may even lead to emotional stress. Other vulnerabilities may include, credit cards stolen, hacking social media profiles, misuse of ID's, hacking emails, bank accounts, etc. with our lives inclining to digitization, even our biometric data is in danger. A click on a wrong link can start a series of unfortunate events in a persons' both professional and personal lives.
From the information that is shared on social Media to words used in searches and websites visited, personal data can be analyzed. Each use of the internet such as information shared online, cookies collected in browser history, online transactions, registered mobile numbers, etc. can help generate personal information.
Unfortunately, we don't realize the threats that the digital world may impose when we share our personal information or database on social media and networks. We have no control over how our personal information or data may be used. All we can do is to be aware of the risks that may arise and be careful with the information we provide online.
There is also a thin line between what may be public information and private information. The sphere of information on the internet is unclear. Public information would mean that the data may be free for use by any individual or entity. Private information would require further authorization to use it. The users are never made clear on which information they provide would be public and private.
In India, the Mumbai police established a social media lab that monitors and tracks user behaviours and activities. The lab does not require any authorization to monitor individuals and their behaviours. The individuals are not made aware of the same. The project claims to monitor and analyze only publicly available information. There is no guarantee as to what information they would monitor. Indian courts have not dealt with the question of whether social media content is public or private.
In countries like USA, individuals contested the use of their tweets without permission. But courts in the USA ruled that tweets that are both private and public can be obtained by law enforcement with just a subpoena. The USA courts claim that since information is already shared to another entity, it is no longer private.
Policy for internet privacy in India:
At the moment, the policy for internet privacy in India is found in the Information Technology Act (ITA), 2000. The ITA provides provisions to safeguard online privacy and also dilute online privacy. Penalizing, hacking and fraud can be few examples of provisions that protect the privacy of the user. Provisions that serve to dilute user privacy speak to access by law enforcement to user's personal information. This information is stored by body corporate, by collecting and monitoring of internet traffic data and decryption of online communications.
India does not have any proper legislation for privacy. Although gaps in the legislation in ITA only weaken the privacy of online users. There are certain questions and situations that are not addressed. For example, the evidentiary status of social media content, merging and sharing of data across databases, rights of individuals to request service providers to take down their content, etc.
India has many discourses relating to privacy on various projects and topics. These discourses bring public awareness on privacy and the perception of public privacy and its concern.
One of the discourses is the debate on the Unique Identification Project (UIP). Since 2009, the government of India has brought about an identity scheme called UID or Aadhaar. It applies to all residents in India. It provides individuals identity based on their fingerprint, iris scans and photographs. Although, it is claimed that the scheme may not have proper privacy safeguards. The project places individual privacy at risk. They do not take responsibility or security measures for storages of information and biometrics.
A committee of experts chaired by Justice A.P Shah released a report of the Group of Experts on Privacy in October 2012. The report consists of recommendations on a framework for privacy legislation in India. The report gives prime privacy importance and considers it to be a fundamental right. The report defines nine principles that apply to all data controllers in both the public and private sectors. This is believed to ensure to harmonize privacy legislations among governments and organizations. It also ensures that the government and businesses will be held responsible for protecting privacy. The principles follow the global standards of EU, OECD and APEC principles on privacy.
Cyber-defences are still in its working process, just like the policies and legislations for privacy and security issues in the digital world. Certain defences that foreign countries follow are:
- The Department of Homeland Security: it is tasked to prevent and respond to terrorist attacks.it may begin with identifying any possible threats and weaknesses. It requires tracking and intercepting any would-be terrorists.
- Law Enforcement: Such departments may rely on cyber-agents or specialists to analyze the evidence, profile cybercriminals and execute surveillance operations. The police departments are getting familiar with the criminal consequences posed by the digital world.
- Private Sector: They use digital encryption methods to handle the latest viruses and hacking methods. These must be updated continuously. Big businesses make use of cyber-crime agents or specialists who help in analyzing sensitive data or respond to when data is compromised.
- The National Incident Management System (NIMS): It was developed by the Department of Homeland Security in connection with the Federal Emergency Management Agency (FEMA). They work as a digital communications tool that ensures that all government agencies work in response to any natural or man-made emergencies.
- Public safety: Public can be saved from the threats of the digital world by depending on the ones that can respond to emergencies and terrorist attacks.
Privacy and security issues are the most important emerging issues in India's internet society. Companies will keep collecting information from online users and the government will continue to seek greater access and surveillance capabilities. It is only about time that India prioritizes privacy and focuses on implementing strong safeguards to protect Indian's and foreigner's privacy. This can be done by enactment of privacy legislations where privacy is considered a fundamental right. Inspiration can be taken from the small steps taken by the Report of the Group of Experts on Privacy and the government's draft on privacy bill.
About the author : Daniya Rasheed believes in consistently growing and learning. Nobody has or is expected to have all the knowledge in the world. She's a person that always takes a keen interest in learning new things and taking up opportunities that would help herself to get better.