Every day, more than 2.5 quintillion bytes of data are created. A number so large our minds can't comprehend it. In 2020, every minute, 41.6 million WhatsApp messages were sent, 1.4 million video and voice calls were made, 69,444 people applied for jobs on LinkedIn, and TikTok was downloaded 2,704 times -each transaction generating different types of data. To add another layer of complexity, there are projected to be 35 billion IoT devices worldwide in 2021, each churning out its own data. A large portion of this data is personally identifiable information, or PII, such as social security numbers and addresses. Data that must be protected to safeguard the lives, livelihoods, and privacy of individuals and businesses. Something you can't put a price on.
Billy Anglin, Cisco Networking Academy alumnusLast year was the worst year on record for data breaches. Globally, a staggering 36 billion records were exposed, and nearly 3,000 publicly reported breaches occurred in the first three quarters (Security Magazine). It's no wonder then, we need today, Data Privacy Day, to raise awareness about how data is used and why data privacy is so important. To learn more about this critical topic, I turned to Billy Anglin, Cisco Networking Academy alumnus and security engineer.
How is personal information or data being used today, and why is data privacy so important?
We live in a very customized world. Customized experiences are now taken for granted in most of our digital interactions. Our social media pages, the online stores that we buy from, and the entertainment services we use are all tailored and curated to our unique individual preferences and tastes. This hyper-customization is all powered by the personal information that we feed into these services and the data generated by them. Given how this data is used, it can powerfully shape our experiences and influence our thoughts and behaviors. As a result, individuals and businesses have a shared responsibility to protect this data and its integrity. Without the needed safeguards, people and businesses are at risk of falling prey to cybercriminals, whose tactics are constantly changing.
What are the most common ways data privacy is breached?
Social engineering attacks, such as phishing, are incredibly effective. When we see a screen asking us to log in, if enough elements on the screen look familiar, it is easy to be deceived into providing information we would otherwise keep private. Another large source of data breaches comes from misconfigurations in the information systems that lead to unauthorized disclosure of large amounts of personal information. This was demonstrated in data breaches that made headlines in 2020, such as when a customer support database of a major software company was left unprotected on the web, exposing over 280 million records including email and IP addresses. When performing technical assessments for clients, I find that phishing and system misconfigurations are the most common paths leading to a compromise in the confidentiality of data.
What are some important data privacy practices for individuals and businesses?
For online services connected to financial matters, for example, or your other important services requiring PII, it is important to enable multi-factor authentication to access these services. Also, many service providers allow for a secret code or word to be used to identify yourself in phone interactions. If your phone or computer is lost or stolen, it is not just enough to have a password on the device. Cybercriminals are just an online video away from getting detailed instructions on how to bypass your password and collect information from the stolen device. In addition to a password, you should ensure disk or drive encryption is enabled in the settings for your smartphone or computer. For businesses and individuals alike, it is also beneficial to enable automatic updates for software and systems. Businesses should also remember that in many cases data is more like milk than wine. It doesn't get better with age, so retention and data destruction policies should be in place to set up governance around the lifecycle of personal data.
Given the ever-increasing sophistication of how data is used, how do you think data privacy practices will need to evolve in the future?
While many companies have put in honest efforts to comply with data privacy regulations and provide more transparency about how data is collected, used, shared, and protected, there are still technical hurdles to overcome for organizations that do not have the resources or budgets to achieve an optimal level of data privacy. Many companies and organizations are taking a step in the right direction but will need to invest in creative solutions and processes to keep up as the public becomes more aware of how data is collected and used.
How did Cisco Networking Academy prepare you for your career in cybersecurity?
When I was 14, I got my first IT-related job at the Boys and Girls Clubs of Rochester, New York. I thought that I knew a lot about computers because I could make slideshow presentations. Three years later, I took the Cisco Networking Academy CCNA course in high school, and learned that I really didn't know as much as I thought I did -and that I had a lot more to learn. The foundational knowledge of networks and hands-on technical problem-solving skills that I learned from Networking Academy are skills I use daily on my job as a security engineer today.
What tips do you have for people interested in a career in cybersecurity?
A lot of people want to go straight into cybersecurity without any background in networking, development, or systems. I would highly recommend that anyone interested in a cybersecurity career set up and experiment with virtual labs to get very familiar with different systems and networking. Networking with other professionals is also very important. Trade conferences and virtual meetups are useful ways to connect with people who are already in the field and can provide opportunities for mentorship and employment.
Interested in joining the cybersecurity industry? Get started on your cybersecurity career journey at NetAcad.com.