Story by Victoria Voigt.
Personal data is often compared to oil — it powers today’s most profitable corporation. Major difference is that the storage and usage space is literally endless. There is no question anymore if every single time you give your personal information, such as name, home adress, or localisation, it is sold to an untracable amount of other companies but why is it so legal that our identity is an unproctected financial asset of so many companies. And why don’t we get any share of the profits but only can get fooled by the ads and other offers they give us in return.
A lot of simple and sometimes even basic information about the mechanisms of Big Data Marketing are still unclear to the majority of us. I decided, therefore, to turn to a Senior Data & Business Analyst and Cyber Security Consultant, Stefano Ricci, who knows it all about multi functionalities and security of our data in both the physical and cyber world.
Stefano Ricci – data analyst, currently working as a Business Data Analyst at Galileo S.p.A., which is among the top 500 Italian SMEs according to the “I Champion” survey, conducted by ItalyPost for Corriere della Sera. Stefano has been collaborating for years with various research institutes in geopolitics and international politics and has carried out consultancy and research assignments for the Senate of the Republic, the East Journal think tank, the Centre for Defense Higher Studies (CASD) and the Eurispes Institute.
He is an author of 100+ articles, essays, and monographs on topics such as Defense, Geopolitics, and Counter-terrorism.
Victoria Voigt: What are the most serious threats of our e-data being sold, shared with third parties?
Stefano Ricci: The main violations concerning personal data are caused by sharing personal information in incorrectly configured environments and databases which often leads to the public loss of the data itself. We are talking about billions of records of personal data, billions of fragments concerning people’s private lives. This is a problem that seems to have been amplified by the widespread availability of the so-called “cloud” technology. Inexperienced users are often inclined to remove certain restrictions (whose functionality they often ignore) if they have problems accessing data from applications, especially if those are installed on a smartphone. Often, ‘inexperience’ goes hand in hand with neglecting “best practices”, such as scanning an IT infrastructure to detect configuration errors.
VV: What’s the relevance of digital security in an era of online money transactions? How to protect our financial data on the Internet?
SR: The Internet has made it possible for users to make payments and purchases online in complete autonomy, increasing the overall number of daily transactions and the number of economic players. Although users’ attention threshold is higher than in the past, digital security in online payments remains one of the grey areas of the cybersecurity world and one of the most underrated (especially in a smartphone-oriented and social networks-influenced arena).
Digital security remains essential to avoid two types of problems: personal information leaks and external cyber-attacks. In the first case, I refer to the fact that weak passwords or unsecured browsers can become the front door for a cyber-scam. By “external attack”, I refer to the danger caused by malware, Trojan viruses and fake e-mails used for phishing. There are many ways to protect our personal information online. First, we have to use unique passwords. Varying our passwords will help make it harder for cybercriminals to use credentials stolen from one website to access our data on another one. Second, it is advisable to use private internet connections. Before opening a financial app, we should find a private location where onlookers cannot see our screen and make sure we are connected to a secure Wi-Fi access point. For example, I advise you not to make a transfer from the Wi-Fi network of the supermarket. Finally, I recommend you to verify your online identity, enabling two-factor authentication to add an extra layer of security to your account.
Sure, specific databases containing confidential information may be targeted by organized groups of hackers, but breaches caused by inexperience, laziness, and non-compliance with security rules have led to more exposed personal records than any other cyber intrusion.
Just to give you an idea: Walmart handles more than 1 million customer transactions every hour which is imported into databases estimated to contain more information than those contained in all the books in the US Library of Congress.
VV: How does the business sector analyse our data? Give me 2-3 examples of the most common operations for commercial use.
SR: The first thing that comes into my mind is customer analysis, a relatively new branch of marketing studies. It identifies target customers, ascertains the needs of these customers, and then verifies if the product satisfies said needs. There are two types of customer analysis: behavioral and demographic.
Behavioral analysis tries to identify the importance of factors that make consumers choose one product over another, while demographic analysis describes a specific customer’s demographic attributes. Today, it’s easier to answer those needs thanks to the role played by the so-called “big data”. This term refers to data sets that are too large or complex to be dealt with by traditional data-processing application software; this is a direct consequence of the proliferation of mobile devices, such as smartphones and tablets, home automation, wireless networks, social networks, and many others technologies.
It’s Moore’s Law about the exponential growth of data and data storage. Analysis of data sets can find new correlations between internet searches, newsletters, the Internet of things devices, buying habits, online transactions, and so on. Just to give you an idea: Walmart handles more than 1 million customer transactions every hour which is imported into databases estimated to contain more information than those contained in all the books in the US Library of Congress. Even media uses data analysis while pursuing the goal to convey a content that is in line with the consumer’s mindset, to improve advertising by marketers.
Data is everything that represents us.
VV: What is the most important thing about our data we should all be aware of?
SR: Data is everything that represents us. Personal data is anything that is specific to us. It covers our demographics, our location, our email address, and other identifying factors. Data is everything we might pull from the internet, whether to study for research purposes or otherwise.
VV: Do you see an increase in online scams since the outbreak of the COVID-19? What are they usually?
SR: Since the Coronavirus outbreak started, cyber-criminals are increasing their activity that is focused on vulnerable targets. Experts say they are receiving many reports involving emails asking for donations to buy “medical supplies”, or messages telling people they have been fined for leaving their home during the lockdown. Moreover, many phishing attempts aim to exploit fake government announcements regarding alleged COVID-19 sites in specific urban areas. These emails contain attachments that should not be opened, since they install malevolent code on our devices, compromising our stored personal data. For instance, Sophos has reported email campaigns containing Trickbot malware in Word documents, promising to provide useful information about the Coronavirus pandemic. Similarly, a few weeks later, there was a massive spread of emails containing attachments with a banking Trojan called Emotet.
Please note that the only reliable information and communications about the coronavirus pandemic in Italy are those disclosed by the Ministry of Health and the National Civil Protection Service!
We should always investigate the source, verify the author and check external sources.
VV: The aspect of disinformation, especially via Social Media was an issue before the pandemic. Where is it coming from and for what purposes? How should the average user of the Internet protect himself from getting fooled?
SR: This is a very complex issue and touches on a subject as complex as geopolitics. According to the academic Claire Wardle, we have to distinguish between disinformation, misinformation, and malinformation. “Disinformation” is the information of a deliberately fictitious nature having the only purpose of misleading individuals or entire communities; “misinformation” is information without relevance to the reality, created in order to spread a false content; “malinformation” consists in the circulation of information based on facts that have actually happened, but instrumentalized to cause harm to people and institutions.
The reasons behind disinformation are pretty clear: the information perceived by an individual will not correspond to the reality itself, confusing the individual’s opinion towards an argument or a situation. Imagine the effects it could have on an entire community. Disinformation is a very powerful weapon in the vast scenario of information warfare, a branch of the wider geopolitical panorama. How to defend ourselves from disinformation or misinformation? We should always investigate the source, verify the author, and check external sources. If it is written online it doesn’t mean it is true.
VV: Do you think that the governments in Europe should be more responsible for the accuracy of public information spread by foreign individuals, institutions? If so, how would you see it from the technological point of view?
SR: I believe that the problem is of a different nature, perhaps of cultural origin. If, on the one hand, governments rely on the competence of their technical and diplomatic sector for the drafting of specific agreements of a political or military nature, the same cannot be said for all cyber issues, such as the difficulty in controlling the spread of disinformation on the main social networks. Here, in this sector, cultural backwardness and unpreparedness dominate.
Today, many countries in the EU are trying to “regulate” the virtual space through legal instruments, but we are not even able to admit the evident impossibility to close a file-sharing platform without a series of clones spawning from it. We don’t even know how “deep” the cyber-space is; what do we really want to legislate on? In short, the political and community sector has not yet been able to update its dialectic and to be trained on issues as sensitive as the debates on the public debt, the Middle East issue, or the Iranian nuclear agreement. It will not be a norm to guarantee cyber stability to a country system or a regional union of nations, but the understanding of cyber issues: this is the real challenge for rulers and opinion leaders.
Contact Stefano: firstname.lastname@example.org
founder of visavis.tv and independent journalist focused on the topics of innovative economy, proactive society, and environment.
Copyrights reserved to Vis a Vis by Victoria Voigt