March has been an eventful month in the world of cybersecurity, with the US government unveiling its new National Cybersecurity Strategy and the European Parliament agreeing new common cybersecurity standards across all EU institutions.
Most of us store our passwords, personal information and more online, often never giving a second thought to those pesky website cookie messages, not even blinking twice if a website offers to save our login credentials including credit card information ready for our next visit.
An industry valued at over $217 billion last year and forecast to more than triple to over $777 billion by some estimates by 2030, data storage is an appreciating phenomenon that continues to develop in line with data acquisition.
Companies are incentivized to collect and store customer data for a host of reasons, including for marketing purposes, to group customers into geographic regions and to help advertisers target ‘ideal’ consumers. Naturally, we of course assume that our data is secure, but often this could not be further from the truth.
According to IBM data, the average cost of a ransomware attack in 2022 was over $4.5m. Further research shows that global cyberattacks are increasing, with a 52% increase last year from 2021.
The victims of attacks range from innocent consumers who assume that their passwords and online data are being stored in a secure manner to governments themselves, with vital infrastructure from security to healthcare all at risk of exposure.
In today’s age of sophisticated cyber-attacks, existing security measures are not sufficient. With companies incentivized to horde our personal data, our most sensitive possessions are susceptible to theft and exploitation.
Earlier this month, the US President unveiled a new National Cybersecurity Strategy, emphasizing that we ‘need to be able to trust that (our) underlying digital ecosystem is safe, reliable and secure’. The Strategy also highlighted how the structural dynamics of our current digital system ‘remain prone to disruption, vulnerable to exploitation and are often co-opted by malicious actors’.
The World Economic Forum (WEF) in its 2023 Global Risks Report listed cybercrime and cyber insecurity as the eighth biggest risk in terms of severity of impact across both the short and long term. It would not be surprising to see this ranking increase as time goes on, but in the meantime, there are some solutions to help mitigate against the tremendous online security risks facing us.
This year’s Davos gathering also saw leaders discuss the importance of preparing for sophisticated cyber-attacks targeting state infrastructure and crucial defense systems. According to Google data, state-sponsored cyberattacks targeting users in NATO countries alone increased by 200% from 2020 to 2022.
Naturally, cybercrime has also unfortunately translated into the decentralized world of web3, with DeFi frequently being a target despite the largely secure nature of blockchain technology.
Last year saw a flurry of hacks targeting crypto wallets and exchanges, resulting in millions in lost user funds. In one such case, over 8,000 individual crypto wallets were breached, seeing over $5m drained from them. OtterSec, a web3 and traditional security auditing firm, said the breach was ‘some sort of private key compromise’ undertaken by malicious actors.
The question of securing user data should keep developers up at night, as critical vulnerabilities have come to light with major hacks (and those are just the ones we know about). Centrally stored lists of user credentials are susceptible to foul play, meaning that the very concept of data storage needs to be reimagined altogether.
Due to their decentralized infrastructure, blockchain and web3 companies are far less inclined to collect user data but in reality, many still do. Often provided by third parties, almost any form of password or wallet management requires a central directory of credentials. It is this directory of usernames and passwords that is the number one target for hacks.
What the industry needs is a new mechanism to make certain that in the event of a data breach, customer data remains inaccessible other than by the user themselves.
Crucially, data should also be anonymously decrypted and unknown other than to the customer with a virtual access ‘key’.
Systems that are so secure that not even the developers behind them can access user data are precisely the type of non-intrusive security management systems that should be industry standard.
I’ve been in this space for a while now and know that anything is hackable – It doesn’t matter if you are a small company or a major government. What we need to make certain, however, is that even if a company is hacked, personal data and information is not compromised.
Developers must therefore continue breaking ground to ensure this data stays in the hands of the user only.
We need to shift the security balance back into the hands of the intended user, helping us stay as secure as possible in a world full of emerging threats. It is of vital importance that we continue developing new solutions to growing problems, always working with technology.
By John Karony, CEO of SafeMoon
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
