The threat of big data

The threat of big data

A cybersecurity analyst warns of internet monoliths using AI and analytics to instigate data-driven behaviour change among users

The power of data can be used to violate individuals' privacy and manipulate people, says Mr Prinya. 
The power of data can be used to violate individuals' privacy and manipulate people, says Mr Prinya. 

The world is going to shift from a digital economy to a data economy where data will generate a new source of revenue companies use for "psychographics", says a cybersecurity analyst.

The power of data can be used to violate individuals' privacy and manipulate people, but most internet users are unaware, said Prinya Hom-anek, president and chief executive of ACIS Professional Centre.

"The more time people spend online and more heavily they rely on social media, the more data, both for individuals and businesses, is exposed," he said.

Users often spend 6-7 hours a day online without being concerned about the privacy of their data, said Mr Prinya.

The expansion of the internet across borders has eroded the concept of sovereignty, and as a consequence the personal data of users as well as their behaviours and lifestyles can be accessed and analysed by giant internet and social media players such as Facebook, Google, YouTube and Line.

"Cybersovereignty has become a serious hidden threat for countries that will lead to national security problems," he said.

Data posted on social media, cloud and mobile services also become hidden data privacy threats. Many companies use powerful data mechanisms to attract users by improving their services, said Mr Prinya.

Technology giants like Facebook and Google use algorithms to analyse the data collected from users in order to target advertising to certain users, which is expected to generate new revenue sources.

By analysing data posted by users, Google can offer personalised search results to fit individuals and businesses. The higher the search results are displayed on the page, the costlier they are. This is a major source of revenue for Google.

Similarly, Facebook offers different feeds to its users based on how they react and post information.

Mr Prinya said these social media firms could take advantage of the dark side of artificial intelligence (AI) and big data to manipulate people's minds with the goal of "data-driven behaviour change".

Prinya Hom-anek, president and chief executive of ACIS Professional Centre, is recommending companies adopt cyber-resilience.

He pointed to certain world-changing events such as the controversial UK Brexit vote to leave the EU and online campaigns in support of US President Donald Trump as examples of data-driven campaigns to change audience behaviour, specifically voting, citing work by Cambridge Analytica to bolster his argument.

The power of data analytics and AI will enable companies or campaigns to better understand consumers, said Mr Prinya.

He said once data analytics and AI are applied through the use of "psychographics", they can be used to influence commercial and political purposes. Psychographics refers to a quantitative methodology applied to describe consumers based on psychological attributes such as personality, values, opinions, attitudes, interests and lifestyle.

Mr Prinya said the rise of cloud computing services will make two-factor authentication a default requirement for all cloud services.

Cloud security and privacy are the top priorities because they can cause a major impact through corporate data leakage. Companies must employ cloud data governance for every place they store data, he said.

The more data gathered and processed in the cloud makes it more likely data sovereignty will be affected. Therefore, critical data needs to be classified so highly sensitive material can be kept in local data centres or using data residency, said Mr Prinya.

"Thailand still does not have data residency unlike many European countries, which use it to control critical data locally," he said.

Data residency refers to the physical or geographic location of an organisation's data or information, and it also refers to the legal or regulatory requirements imposed on data based on the country or region in which it resides.

Mr Prinya suggested the Thai regulator needs to revise the over-the-top (OTT) regulation to ensure fairness and a level playing field among local and foreign operators, helping to overcome tax avoidance challenges.

"We foresee data residency and OTT regulations will become global issues," he said.

Smartphones have become an integral part of many people's daily lives. Some mobile applications can be used to hijack users' minds by mining personal data from the phone and learning users' behaviour, said Mr Prinya.

Mobile banking applications and PromptPay service need to declare what data is from users' phones and how it plans to use that data to ensure their privacy is not violated, he said. He also expects the Internet of Things will increase threats on critical infrastructure.

It is difficult to protect against the increased threats, so a new chapter in cybersecurity called cyber-resilience is required, changing mindsets from protection to prevention and response, said Mr Prinya.

Cyber-resilience means preparing an organisation concerning threats and vulnerabilities, developing defences, and making resources available to mitigate a security failure after it happens.

Countries and businesses need to detect threats by setting up security operation centres and incident response teams. Cyber-resilience will be the next big trend for critical infrastructure around the world, he said.

"The central bank is planning a cyber-resilience framework for all financial institutes," said Mr Prinya.

Do you like the content of this article?
COMMENT