The Cambridge Analytica scandal was a watershed moment for cybersecurity. It certainly wasn’t the first time a major company observed the misuse of user data, but its connection to the 2016 U.S. presidential election significantly amplified its media coverage.
Ever since the scandal, Facebook has been scrambling to protect user data and prevent the purposeful spread of misinformation on the platform. Thus far, the results have been mixed.
So what’s the real problem here? Do tech companies not have sufficient knowledge and expertise to prevent data breaches and misuse of information, or is expert knowledge simply not being applied effectively?
The past few years have seen a flurry of public interest surrounding cybersecurity, specifically with regards to the unsanctioned collection and sale of personal data.
While many companies have adopted active strategies to curb data breaches, it seems that many of these companies (Facebook in particular) are realizing that modern cybersecurity is in fact far more complex than previously thought.
At the moment, there’s more than a little confusion about whether tech companies are responsible for guaranteeing security for their users.
Perhaps even more significant is the fact that trust in these companies is waning rather quickly. There have already been several calls to break up the biggest tech companies in the hopes of avoiding an oligopoly over user data.
Meanwhile, for many average users, the more immediate concern is learning more about what steps we can take to protect our personal data as much as possible.
For answers to these crucial questions, we turn to cybersecurity expert Francesco Cipollone.
Cipollone is a Chief Information Security Officer and cybersecurity advisor. He founded Technet (now known as NICE by Cineca) as well as his own consultancy firm, NSC42.
As an advocate for the importance of intelligent cybersecurity, Cipollone also regularly composes articles and speaks on the subject.
Cipollone recognizes that the ins and outs of cybersecurity often remain highly technical, meaning it’s difficult for the general public to understand exactly what’s going on behind the scenes.
We enlisted Cipollone’s help to break down important elements of modern cybersecurity. He also discussed specific steps that users can take to better protect their information in an online setting.
If the last few years have taught us anything, it’s that the world needs more tech experts, especially within the realm of cybersecurity.
It’s important for educators at all levels to recognize and appreciate skills and curiosities in their students that might suggest a talent for tech.
Analytical personality types have a slight natural advantage when it comes to exploring technology at an early age.
For Cipollone, the journey into the world of technology began with a desire to understand simple tech devices that were part of his daily life.
It was an interest that was finally nurtured more fully when he entered college.
“When I was younger I always had a thing for technology, mostly taking things apart, modifying them and putting them back together to give me something even better. But my real passion for cybersecurity came at university thanks to a professor who introduced me to it. At the time I really had no idea just what kind of a beast it was, but I was certainly hooked.”
Cipollone’s career and widespread success in the area of cybersecurity needed that first step, that first twinge of not just wanting to use technology but to understand it.
Cipollone has since tried to return the favor by speaking at cybersecurity conferences and penning analytical pieces that examine the current state of tech and where there is still room for improvement.
To help gain a foundational understanding of modern cybersecurity, we asked Cipollone to tell us about some of the biggest lessons he’s learned throughout his career in tech.
Just like anyone else, Cipollone had several initial impressions of tech and cybersecurity that were quickly disproved when he became a cybersecurity professional.
Notably, he originally had the impression that the solution to many contemporary privacy issues was to create strategies and tools that couldn’t possibly fail.
Instead, it revealed itself to be an industry that thrives on preparation and a more objective view of risk.
“Initially, I thought cybersecurity was all about getting everything right but I quickly realized how wrong I was. I now know that cybersecurity is mostly about evaluating risk and balancing risk appetite and risk exposure. It is much easier to prevent problems rather than trying to fix them.”
A clear example of this reality is the current Facebook debacle which we mentioned at the top of the piece. A lack of preparation can have any number of real-world consequences, and the resulting distrust among the public could prove to be even more damaging to the company’s future.
Anticipating cybersecurity issues has only become more complex with the rise and utilization of Big Data and Artificial Intelligence. These powerful areas of study can be used to accomplish unsavory goals.
Cipollone explained in detail why massive data collection and storage can be problematic when it comes to protecting users’ information.
“The main issue with Big Data, from a cybersecurity perspective, is an aggregation of data in one single location. Providing a central location for data without much access control potentially leaves the door open to people who want our data.
The whole subject becomes more complex with Machine Learning and Artificial Intelligence since both can create new data based on inference. Inference in data science is the ability to create new information out of two existing pieces of information.”
It’s using two pieces of seemingly harmless information to predict additional information. In the context of social media, location data and personal interests could be used to predict political leanings, for example.
While users technically agreed to let Facebook access their location and page likes, they didn’t necessarily want to offer up more specific information, such as their political tendencies.
Cipollone explained that the Cambridge Analytica scandal involved this same basic premise. The firm used inference to profile different users, then used that information to target and persuade users who fit certain criteria.
While certain methods were technically within Facebook’s rules and regulations, the end result was clearly unethical.
Worst of all, real people were negatively affected by Cambridge Analytica’s actions. As it appears right now, Facebook didn’t so much allow this work to happen. Rather, they didn’t see it coming.
This is just one of many reasons that an understanding of Big Data is essential to maintaining cybersecurity.
Understanding how AI and Machine Learning can be used to breach users’ privacy allows companies to take measures to prevent these breaches from occurring at all.
As Cipollone mentioned earlier, cybersecurity is, to a large degree, about anticipating new problems long before they happen.
We’ve arrived at the heart of the matter, which is how regular people like us can try to protect our information when using the internet or services that store user info for the foreseeable future.
This is a subject that Cipollone is very passionate about, and he even created a comprehensive guide to protecting your identity online, which can be viewed here.
“Data use and breaches are on the rise and the numbers are staggering. Ultimately you need to do a risk assessment on yourself and consider what you actually publish on the internet because once it’s there it’s never going away.”
Steps toward greater online data security are not terribly complicated in themselves, but unfortunately, they remain unknown to many users.
We asked Cipollone to highlight the most important tips that our readers can make use of today to better safeguard their personal data and ensure that their data hasn’t already been accessed by hackers.
“Use strong passwords. If you find them difficult to remember, use a password tool like 1password.
See if your credentials have been leaked in one of the many credential leaks. You can check this on HaveIbeenPwned.
Use different usernames and passwords across social media. CheckUserNames finds the same username across different mediums so try to use a variation of your name on social media.
Remove metadata from your images. JPEG images store a lot of information, including the location where it was taken. This can be used to track where you are at a particular date in time.
Disable location sharing on social media apps or directly on your phone.”
Even when inconvenient, these basic practices can go a long way toward keeping your info out of the hands of hackers and other unsavories.
The steps that tech companies need to take in order to protect user info are much more complex. Thankfully, these companies also have advanced resources and talented staff members who specialize in cybersecurity.
But are they doing enough?
While many of us are aware that data breaches happen with some regularity, Cipollone has a first-hand perspective on the issue, and he offered some staggering figures that confirm the extent to which even the largest tech brands still don’t know how to successfully prevent breaches.
“A lot of companies might think they are doing more, but based on the number of breaches which are still happening on a regular basis, it’s clear that they are not doing enough. Last year, Facebook saw over 50 million users affected in just one of several breaches, while Marriott suffered a massive breach which affected the records of up to 500 million customers.”
Is there a bright side to all this doom and gloom? After all, hackers are certainly talented and knowledgeable, but so are the experts who work tirelessly to prevent attacks like these from happening.
Cipollone left us with a slightly more hopeful look at how companies are creating cybersecurity strategies that better anticipate potential attacks.
“There is more and more effort being put into cybersecurity, but it is still far from enough. Organizations are starting to build a real culture of security. Ultimately, when companies stop cutting corners in the field of information security, the world will be a bit safer.”
Apart from doing our best to protect our personal data, we can also put pressure on tech leaders to further ensure our cyber safety. In these uncertain times, even that small bit of comfort is something that we can all appreciate.
<a href="https://medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href">https://medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href</a>