Security in the data economy
Posted: Sun Dec 22, 2024 5:43 am
While it may seem like a modern issue, security and privacy breaches are nothing new. Ever since people began communicating, there have been those who wanted to somehow find out what was being communicated, whether by listening in on a conversation without others noticing or by intercepting electronic communications. Likewise, ever since businesses first emerged and those businesses began keeping records of their activities, this data has been targeted by competitors and malicious actors.
Information security is not a new problem for companies. However, its relevance has been increasing over the centuries and decades, and in recent years it has grown exponentially. This is due both to the explosion in the amount of data that companies collect and store, and to the evolution of the role of this data within organizations. In the data economy, where information is one of the main assets of companies, the protection of this data becomes a legal and fiduciary obligation for directors and representatives of companies.
And while the conversation naturally focuses on the issue of personal data, data protection must necessarily look beyond the information of individuals. As we have oman whatsapp number discussed before, the data economy is not about selling people’s data, but rather about maximizing the value extracted from companies’ operational data. Information that comes from operations is as valuable as, or even more valuable than, any customer data. Imagine, for example, a company that develops video games and has the source code of its products stolen , or an entertainment company that has movie and TV scripts leaked to the public or to competitors. Situations like these, which do not involve any personal information, can cause more harm than what we normally understand as a “data leak”.
The focus on personal information, although required by the LGPD and other regulations, often ends up becoming a problem. Companies encrypt their customers’ information, protect this data behind security systems and processes, and feel like they have “done their duty”, forgetting to protect other types of data. The security of “business” information, which does not include personal data – things like spreadsheets and documents, or even support systems, such as ERPs – is left on the back burner, and suffers from vulnerabilities simply due to a lack of focus.
It may seem silly, but operational information can be used to predict companies' financial results, leading, for example, to the manipulation of stock market values. It can also be used by competitors to gain unfair advantages. The 2015 case of Ticketmaster , which improperly accessed data from a competitor to steal customers, is emblematic. What is even worse is that identifying this type of leak is much more complex than identifying the diversion of personal data. When stolen, personal data is usually sold through specific channels, which can be monitored and tracked by researchers, making it easier to identify leaks. In the case of operational data, the leak can persist for years without being detected, further increasing the potential loss.
And operational data leaks do not always occur directly, simply because information was not properly protected, or because a document was exposed in a folder where it should not be. Often, competitors – or malicious actors – exploit legitimate company systems to obtain confidential data improperly. Imagine, for example, an airline that has developed a proprietary algorithm to price seats on a flight, gaining a competitive advantage in the market. A competitor can set up a process to automatically compile the prices displayed to different types of customers in different situations and at different times. With this data, it can use reverse engineering to replicate the pricing algorithm, thus eliminating the original company's advantage, or even always offering prices 10% lower, hurting sales.
In the data economy, value lies not only in information, but also in the products that are created from that information. Algorithms, analyses, predictions and other things have their value tied to the data on which they are based. And both data and derived products only have value to the extent that they are unique, that is, they cannot be copied or duplicated. Thus, protecting all of these elements is essential for companies that want to be successful. Information security, in its broadest sense, must be part of an integrated data management process, along with data governance and validity management . Companies that fail to recognize this need will quickly lose any advantage they once had.
Information security is not a new problem for companies. However, its relevance has been increasing over the centuries and decades, and in recent years it has grown exponentially. This is due both to the explosion in the amount of data that companies collect and store, and to the evolution of the role of this data within organizations. In the data economy, where information is one of the main assets of companies, the protection of this data becomes a legal and fiduciary obligation for directors and representatives of companies.
And while the conversation naturally focuses on the issue of personal data, data protection must necessarily look beyond the information of individuals. As we have oman whatsapp number discussed before, the data economy is not about selling people’s data, but rather about maximizing the value extracted from companies’ operational data. Information that comes from operations is as valuable as, or even more valuable than, any customer data. Imagine, for example, a company that develops video games and has the source code of its products stolen , or an entertainment company that has movie and TV scripts leaked to the public or to competitors. Situations like these, which do not involve any personal information, can cause more harm than what we normally understand as a “data leak”.
The focus on personal information, although required by the LGPD and other regulations, often ends up becoming a problem. Companies encrypt their customers’ information, protect this data behind security systems and processes, and feel like they have “done their duty”, forgetting to protect other types of data. The security of “business” information, which does not include personal data – things like spreadsheets and documents, or even support systems, such as ERPs – is left on the back burner, and suffers from vulnerabilities simply due to a lack of focus.
It may seem silly, but operational information can be used to predict companies' financial results, leading, for example, to the manipulation of stock market values. It can also be used by competitors to gain unfair advantages. The 2015 case of Ticketmaster , which improperly accessed data from a competitor to steal customers, is emblematic. What is even worse is that identifying this type of leak is much more complex than identifying the diversion of personal data. When stolen, personal data is usually sold through specific channels, which can be monitored and tracked by researchers, making it easier to identify leaks. In the case of operational data, the leak can persist for years without being detected, further increasing the potential loss.
And operational data leaks do not always occur directly, simply because information was not properly protected, or because a document was exposed in a folder where it should not be. Often, competitors – or malicious actors – exploit legitimate company systems to obtain confidential data improperly. Imagine, for example, an airline that has developed a proprietary algorithm to price seats on a flight, gaining a competitive advantage in the market. A competitor can set up a process to automatically compile the prices displayed to different types of customers in different situations and at different times. With this data, it can use reverse engineering to replicate the pricing algorithm, thus eliminating the original company's advantage, or even always offering prices 10% lower, hurting sales.
In the data economy, value lies not only in information, but also in the products that are created from that information. Algorithms, analyses, predictions and other things have their value tied to the data on which they are based. And both data and derived products only have value to the extent that they are unique, that is, they cannot be copied or duplicated. Thus, protecting all of these elements is essential for companies that want to be successful. Information security, in its broadest sense, must be part of an integrated data management process, along with data governance and validity management . Companies that fail to recognize this need will quickly lose any advantage they once had.