Future of Data Privacy—Need one-stop platform for consumers to check vulnerabilities, fix them: Saket Modi

Under Article 21 of the Indian Constitution, the Right to Privacy is recognised as a Fundamental Right for every living person in India. While we await the Personal Data Protection Bill (2019) to be passed in Parliament, the pandemic has accelerated digital growth and cyber-adoption. What happens when a country of 137 crore people depends on the internet to function? An insurmountable amount of data is being created, transmitted, and stored. An astonishing 463 exabytes of data will be generated each day, and India, a data-rich economy, will account for about 21 exabytes per month by 2025! For perspective, to create 1 exabyte of data, your video call would have to last for 2,37,832 years!

Rightly, Covid-19 has been called the ‘great accelerator’ of digital transformation. Individuals across sectors including, but not limited to, education, manufacturing, banking and payments, retail, ecommerce, and fitness moved to adapt their life around gadgets. Virtual life has taken center stage as the pandemic continues beyond 2020. At the heart of everything that kept (...is keeping) the gears of the world turning is the well-oiled machinery of ‘digital’ and ‘cyber’. Between data-rich giants such as Facebook and Cambridge Analytica finally being held accountable for their actions, and the common man’s furore over the intrusive Privacy ‘Terms and Conditions’ of WhatsApp, there is a visible recognition of the fact that data privacy can no longer be an afterthought or a commodity.

Why is data privacy a matter of your concern?

Humans are born with a reflex to protect themselves, but this has developed over years of evolution through learning and relearning. That explains why we still look both ways before crossing a one-way street, yet rarely stop to question the legitimacy of links sent to us by a stranger, online. The pace at which ‘digital’ and ‘cyber’ engulfed us did not allow a protective reflex to develop. Unlike the physical copies of important documents that are kept under lock and key, people tend to trivialise the impact a data breach can have on them—at home and at work.

Many applications, websites, and services which don’t need access to your data are collecting it anyway with your permission. While you get comfortable with targeted advertisements on social media and customised content, you gently allow privacy to be controlled by corporates. The plethora of data circulated online originates from people saving and sharing Personally Identifiable Information (PII) in abundance without a care in the world. While you’re unaware of the number of exposures you have, they’re being used to gain access into the accounts you hold most dear—your Gmail (which is further connected to your digital life), your Facebook (again connected to a larger ecosystem, and experienced a recent breach of 533 million users’ data), your bank accounts and financial apps like Paytm and Zerodha (MobiKwik and Upstox—the second largest in these categories—have already seen recent large breaches) and anything else they can get access to, including using your accounts to deceive members of your family. Sensitive information such as sexual orientation, gender identification, addresses, among others, could be misused to orchestrate horrific crimes such as sextortion and teenage blackmail, financial frauds, email scams, and more.

People need to hesitate, stop and develop a healthy scepticism about things on the internet the way they do in the real world

Image: Faisal Khan / Anand Olu Agency via Getty Images

There is a massive gap in how consumers or end-users navigate the internet. No one taught the current digitally-native generation how to use the internet safely, let alone their parents or elder relatives. These are the same people who are employees at an MNC, the CEO of an MSME, a receptionist at an IT company, or the teller in a bank, hence becoming critical for enterprise and national cybersecurity. At a juncture in human evolution at which technology is embedded within every action and thought, security can no longer be an afterthought.

Software, hardware, products & services need to be secure by design

The de facto standard of any data that goes and therefore stays on the internet should follow the holy grail of Confidentiality, Integrity, and Availability. This triad is the bedrock of cybersecurity. There are so many forums for redressal after a cyberattack, but so few to improve personal digital hygiene to prevent it.

Depending on corporate entities ‘to do the right thing’ or waiting for the government to act is no longer sufficient. When the pandemic began, Zoom was a software most of us depended on and used. Their sales jumped 169 percent year-on-year in the three months to April 30, 2020, to $328.2 million! However, a series of hacks revealed security flaws—the company had sent user data, wrongly claimed end-to-end encryption, and allowed meeting hosts to track attendees. Immediately, their stock prices dropped like a rock in April, plummeting 17 percent. Is it not time to create technology that is secure by design rather than continuously adopt a reactive approach that is evidently failing?

Despite businesses investing billions of dollars in cybersecurity, the World Economic Forum, EY CEO Imperative Study, the PwC 24th CEO Study and more identified it as one of the biggest threats to the global economy, and 2020 might just have been the worst year so far. Even while 90 percent of data breaches have a human aspect, less than 10 percent of budgets is allocated to prevent it proactively. Case in point: Nearly 70 percent of employees polled in a survey said they recently received cybersecurity training from their employers, yet 61 percent failed when asked to take a basic quiz on the topic!

The issue plaguing data and its security is two-fold: Firstly, there is a total lack of its standardisation—at the macro (international), mini (intra-national), micro (enterprise), and nano (individual) levels. Today, we can estimate a person’s health by studying their pathology reports with the healthy ‘normal’ enumerated. Similarly, we can gauge and standardise levels of intelligence (cognitive and emotional) with granular, decimal point values. However, for a generation that has grown up and lived during the internet’s surge, it is uncanny how under-examined their cyber-intelligence is. There is no metric to gauge the cyber-health/ awareness of an individual! By what means of comparison, then, does one understand where things are going well and what can be done better unless there is a universal standard of cyber consciousness?

Secondly, the masses rely on unverified videos and online searches for cybersecurity-related answers. Such a siloed approach to cyber awareness is cumbersome. It needs to be repeated periodically to keep up with the evolving trends, tactics, techniques, and procedures used by cybercriminals. This narrative can change with the re-engineering of cyber-consciousness. People need to hesitate, stop and develop a healthy scepticism about things on the internet the way they do in the real world.

For the level of collective re-engineering needed at the moment, there has to be a solution that appeals to the masses and will be the single source of truth. It has to be able to incorporate the infinite number of variables that each individual possesses, while simultaneously being snappy, fast, slick, and modern. It should also retain the essence of cyber awareness—across every digital platform that exists, be it social media or digital payments applications, online shopping, or work emails and communication. What we need is an all-in-one platform for people to check their sensitive information exposures and remediate the same, learn about preventive measures against cyberattacks such as better device hardening, and more robust cyber hygiene practices. With each level of cyber awareness unlocked, individuals can get to know their own ‘Cyber Quotient’ (an SI unit for personal cybersecurity) and strive to improve it in real time. As cybercriminals get more assertive and sharper, the people of this world will have to step up and come together to make this remarkable global entity—the internet—a safe space for one and all.

‘Never Trust, Always Verify’ is the newest form of currency for people and businesses to move forward, together. Digitisation is a fundamental reality, and the sooner people realise their role in enabling cybersecurity, the better it will be.

The future of a digital-first world comes with a forewarning: You can have security without privacy, but you can’t have privacy without security. Published in 1949, George Orwell in his novel 1984, had accurately predicted that our ignorance would be the strength of Big Brother(s). However, he also said, “Nothing was your own except the few cubic centimeters inside your skull”. Let us use it wisely to keep what’s only and only ours precisely that way—private.   

● Saket Modi is co-founder & CEO, Safe Security