Technology Is Growing Fast but Cybersecurity Is Slowing Down… Really?

In recent years, technology has been developing and growing at surprising speed. When thinking about how fast, Moore’s law [1] is the first thing that comes to mind. The law was introduced by Gordon Moore, who predicted that fragments of integrated circuits would be doubled every two years. However, technology is reaching its ceiling, so Moore’s law is no longer valid. Hence, we turn to some statistics on how fast technology is advancing. Firstly, The 101 Mobile Marketing Statistics And Trends For 2020 [2] reveals that about 62% of global users used the internet on their mobile phones. Secondly, the 33 Heavenly Cloud Computing Statistics for 2020 [3] pointed out that around 67% of company infrastructure and 82% of work would be cloud-based. Lastly, and most mind-blowing, the global digital population [4] as of April 2020 showed about 4.57 billion active internet users, most of whom use the internet for social media on their mobile phones.

There are more interesting technologies that keep trending upward and have a large impact on our daily life, such as artificial intelligence (AI), voice recognition, the internet of everything, etc. Even though the stats show how high the growth rates of technology are, life is not a bed of roses. There are two challenges to focus on: Cyber Security and the General Data Protection Regulation (GDPR).

The first challenge is Cyber Security. Not only does technology keep growing prominently, but so do cyber attacks. People might think that Cyber Security is all about hacking, but it is much more than that. Some statistics reveal that it is not only the bad guys trying to hack people’s computers; sometimes we ourselves are the weakest link in security. According to the best VPN statistics for 2020 [5], around January some 1.8 billion users’ records were leaked, and the records contained user information and text passwords. Moreover, around the year 2019, ransomware has been occurring and spreading. An estimated 200,000 devices in 150 countries are affected. On top of that, the Cisco 2018 manual security report [6] showed that the Microsoft email format is the one hackers use most for compressed files and PDFs, since most email providers block attachments with the executable file format (.EXE). Moreover, the IBM and Ponemon Institute’s Cost of a Data Breach 2019 [7] reported that the average cost of a data breach is around $3.92M worldwide and keeps rising every year. Hence, there is clear evidence that we are not prepared for cybersecurity yet.

According to the Hiscox Cyber Readiness Report 2018 [8], more than 4,000 companies in the US, UK, Germany, Spain, and the Netherlands were not worried about cyber-attacks and had no plan to take serious action, as shown in Figure 1 below.

Figure 1: Cyber readiness by country

In addition to the above figure, the report points out the chance of at least one cyberattack in any 12-month period. About 45% of respondents said they had suffered a cyber attack. The Netherlands shows the greatest lack of cyber readiness compared to the other countries. Nonetheless, cyber readiness seems to be better in the Hiscox Cyber Readiness Report 2020 [9]. Many organizations invest more in cyber experts, increasing from 10% to 18%.

The common causes of data breaches are human errors, system bugs and, most importantly, malicious/criminal attacks, which account for around 48% of all incidents. There are some prevention strategies that can be implemented. On human error, a survey from Veridium (trust digital identity) called out passwords as the weakest form of security. People use various methods to bypass the password. Around 90% of them reuse passwords with different numbers and some special characters. Some 40% still use “123456” as a password. Firstly, automated detection such as a biometric system should be applied. A biometric system [10] is a system that uses aspects of our identity to authenticate and authorize. These identities are both physical and behavioral. The physical ones could be our fingerprint, face, eyes, etc. The behavioral ones are voice, handwriting, movements, etc. For the incidents mentioned, biometrics would improve security and productivity and, importantly, data accessibility and resource protection. Otherwise, two-factor authentication (2FA) [11] should be seriously implemented. 2FA helps to ensure that we are the only owner of the resources even if someone knows our password. Once we authenticate to the system, many possible factors, such as authenticator software, biometrics, frequently asked questions, etc., could be required after that. Without them, we are not authorized to proceed. Figure 2 gives an idea of how two-factor authentication for Apple ID works.

Figure 2: Two-factor authentication for Apple ID

Apple 2FA notifies the owner, with the location, if someone logs in, so the owner knows and can decide whether to allow it or not. Even then, it still requires verification codes, text messages, or even phone calls too.
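The second-factor check described above, sketched as an added example (not code from the original article, and not Apple's implementation): a time-based one-time password (TOTP, RFC 6238) of the kind authenticator software generates, verified alongside the password. The account, salt and secret are constructed sample values; the password is deliberately the weak "123456" from the survey to show that knowing it alone is not enough.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)
SALT = b"constructed-salt"   # constructed sample value
ITERATIONS = 100_000

# Constructed sample account: weak password, RFC 6238 test secret.
ACCOUNT = {
    "password_hash": hashlib.pbkdf2_hmac("sha256", b"123456", SALT, ITERATIONS),
    "totp_secret": b"12345678901234567890",
}

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Compute the TOTP code for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login(password: str, code: str, unix_time: int, window: int = 1) -> bool:
    """Succeed only when BOTH the password and the one-time code are valid."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)
    password_ok = hmac.compare_digest(candidate, ACCOUNT["password_hash"])
    code_ok = False
    # Accept the current step plus/minus `window` steps to tolerate clock drift.
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP
        if t < 0:
            continue
        expected = totp(ACCOUNT["totp_secret"], t)
        if hmac.compare_digest(expected.encode(), code.encode()):
            code_ok = True
    return password_ok and code_ok

if __name__ == "__main__":
    now = 59  # fixed timestamp so the run is reproducible
    print("password + valid code:", login("123456", totp(ACCOUNT["totp_secret"], now), now))
    print("password only (guessed code):", login("123456", "000000", now))
    print("valid code replayed 2 minutes later:", login("123456", "287082", now + 120))
```
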

Unfortunately, no system is perfect. A biometric system has to deal with similarity in physical and behavioral traits. For facial recognition especially, family members or twins could be misclassified. In addition, there is the challenge of fake faces, which take advantage of AI to change our face into anybody else’s. As a result, the biometric system should be hybrid, to improve accuracy and precision and reduce the defects of the system.

System bugs, however, are technical debt from the developers. The organization should take serious action by hiring an automated tester and, importantly, a security engineer. Even though it costs a lot of money, it is worth it in the long term. Lastly, for malicious/criminal cyberattacks, cloud-based services should be adopted. In cloud computing, there are many security services we can use, such as data encryption, firewalls, authentication, authorization, etc. This should help reduce the risk of cyber attacks a lot.

Here comes the second challenge, the General Data Protection Regulation (GDPR) [12]. The regulation is about data privacy for EU citizens. It has been written since 2016 and activated around May 25, 2020. The main idea is consent, which means that the data owner has a right to know about, and give permission for, access to their personal information. The groups affected by this are data processors and all industries that engage with the EU. The consent includes the following: Breach Notification, Right to be Forgotten, and Data Portability. For the first one, the data owner should get a notification within 72 hours after their data is leaked. Secondly, the data owner has a right to access their information. They also have a right to ask the data processor to alter or even remove their information. Lastly, the data owner has a right to request that the data processor port their data to another organization. The problem is all about Privacy by Design. Privacy by design in GDPR is about how we design a system architecture that is secure enough against cyber-attacks and prevents data breaches.

In Thailand, there are many organizations that deal with EU citizens. Some might not pay any attention to the GDPR yet, even if they have enough security controls. That cannot ensure there will be no problem in the future. Some well-known issues point to the unreadiness of Thailand. Firstly, the Thai Chana case [13]. The application was launched right after the government gave the green light for COVID-19 quarantine. When people visit stores, places, or shopping centers, they have to scan the QR code to check in where they are. Unfortunately, the application is trying to steal user personal information from shoppers without notifying them. On top of that, some people get phishing messages after scanning the QR code. It seems that no one has come out to take any action about this. The other case is the TrueMove H data leak [14], around April 2018. Almost 50,000 TrueMove H users’ records were leaked from Amazon Web Services (AWS). The data contains scanned ID cards, passports, and driver’s licenses. The point is that they were warned once by the security authorities, but took no action.

In conclusion, technology is advancing rapidly, and so are cyber-attacks. Even though the internet and smart devices are part of our daily life, as the rise in active internet users shows, people still have no clue about cybersecurity and their rights to their personal information. The common problems of cybersecurity are human errors, system bugs, and malicious attacks. Those problems could be solved with technology, for instance a biometric system for authentication and authorization, and two-factor authentication. My suggestion is to combine them, so that the system will be more accurate and have fewer defects. On top of that, the use of cloud services is highly recommended in terms of data protection, firewalls, and data encryption. Last but not least, since GDPR is implemented, both data processors and data owners have to be more careful and give serious attention to it. The loss from a data breach is so costly. It is better to be safe than sorry.

Technical Project Manager at TWF Agency