Light Dark
April 30, 2021 By Jennifer Gregory 3 min read
Data Protection
Security Services

Tech companies aren’t shy about how much they know about us. In fact, it’s right in my face every time I log on to my accounts: advertisements for running shoes I looked at online last week; condo rentals for the post-pandemic trip I’ve been quietly planning for months; and recommended dachshund Facebook groups likely based on the many pics of my pups I share. Big data — and the big data monopolies that cause it — open up problems for users and doors for threat actors.

While it’s always bugged me and felt a bit like I was being stalked, I had only worried about the data collection in terms of privacy. I don’t like that companies know more about me than most of my friends do. But, this problem isn’t new. Yet, each day it becomes bigger. Let’s take a look at what this means for security experts and break it down into more chewable parts.

Why Big Data Monopolies Are a Problem

In 2018, Harvard Business Review explained that while tech monopolies like Facebook and Google have been targeted (and fined) by European regulators, they have escaped U.S. antitrust regulations. These data monopolies open up many intriguing and worrisome risks. For example, they can make surveillance and security difficult, hoard wealth and affect the public debate, including our perception of right and wrong.

After I was affected by several large breaches in the past, including those of Experian and Target, I recently had an even more worrisome thought. What happens if one (or more) of these data monopolies suffer data breaches? The damage caused by the amount of data compromised with a single attack would be terrible. And, the effects would likely spill over to many other industries and businesses. So what can we do to reduce the risk?

The problem is somewhat simple. Too much private data is controlled by single companies and stored in one location. But the solution is very complex. From where I sit, I see a twofold approach working best: preventing other data monopolies from emerging in the future and lowering the risk of our current data monopolies.

In truth, preventing more data monopolies from beginning or current ones from growing involves government decisions and oversight of mergers. Let’s take a look at solutions closer to home. How can security experts work with our current data giants to reduce risk as much as possible?

Is Data Portability the Answer?

Data portability is part of the solution. Increasing users’ control of their own data is a great step in the right direction. Most importantly, consumers need the ability to actually remove their information from the data monopolies’ data collections. This reduces their own personal risk of a breach. And each person who takes this step and actively manages their data reduces the collective risk and impact of a single breach.

However, consumers can only take this step if they know about the risk and know how to perform these actions. So, who is going to lead the effort to educate consumers? Data monopolies are likely only going to publicize these features as much as required by law. The task will likely then fall to the cybersecurity world to get the word out.

Interoperability Between Big Data Monopolies

Interoperability is often brought up in the conversation about data monopolies, with good reason. The Electronic Frontier Foundation proposes multipart legislation changes that require data monopolies to open up their systems to share data with competitors. While this effort is key to getting rid of data monopolies in the future and reducing current ones, in some ways it actually creates more risk.

With true interoperability, many smaller companies that may not have the same expertise as the top tech companies have access to sensitive data. Instead of a single huge breach, there could be an increase in moderate to large breaches overall. The answer lies in creating a security framework for storing and managing data for all companies. By focusing on interoperability without security, we are only solving a part of the problem.

Does Encryption in Use Help?

Yes. Encrypting data while at rest and in transit is becoming standard for more and more companies. But both of these strategies overlook something: data in use. Encryption in use means businesses can actually get insights from data while it remains encrypted, which keeps all personal user data safe.

By working with giant tech companies to encourage and possibly require this level of protection, we can reduce the likelihood of a breach, or at least reduce the impact. And, this path doesn’t interfere with using data in the right way. Instead, it protects consumers from the negative impact. In addition, making this level of encryption standard practice improves data security overall.

Big Data Monopolies Working Together

To help solve both the short- and long-term issues, IBM partnered with AWS to create a mutual compliance framework. By working together, the two companies determined security measures that both can agree on and adhere to. By focusing on how tech companies can work together, partner with consumers and work with regulators and government oversight committees, the security industry can make great strides toward reducing the weaknesses inherent in tech monopolies.

 |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature