To be, or not to be for data responsibility
Only a short time after being roped into a controversial political situation in the US, Norway has become the victim of a massive data breach. In a nation of over 5 million people, 2.9 million have now had their personal and health information stolen by hackers. The healthcare organization pilfered in this scenario, Health South-East Regional Health Authority, revealed the incident on Monday. According to Kjetil Nilsen, director of NorCERT, “Everything indicates that it is an advanced player who has the tools and ability to perform such an attack. It can be advanced criminals. There is a wide range of possibilities.”
It’s not yet clear who within Health South-East RHA is responsible for any security failings that allowed malicious actors to sneak into their systems. Nor is it clear how many people will ultimately be affected. What is apparent is that we are still a long way off from reaching a sufficient standard of cybersecurity for our modern age. That applies to every country, worldwide. When over half your population gets put at risk by a breach, I think that becomes self-evident. Improvements are still needed, particularly as sensitive data becomes ever more valuable.
After all, according to a Boston Consulting Group report, the total value of personal data in 2011 was £315 billion (almost $450 billion); this sum is predicted to reach £1 trillion (almost $1.5 trillion) by 2020.
For all that data and interconnectivity has simplified and streamlined people’s everyday lives, as well as giving businesses who know how to wisely leverage them a leg up on the competition, the flip side is the perilous situation for everyone involved when this data is not properly secured and managed.
IBM CEO Ginni Rometty calls for a new era of data responsibility, advocating for “strong encryption and security strategies,” along with “constantly challenging and evolving them.” (Tinder might want to consider this when it comes to the encryption of photos on their app.) Increased communication, rapid response, clarity of data ownership—these are likewise all areas in which we’ve long argued advancement is sorely needed. Nations and companies, from top to bottom, have not on the whole been demonstrating that they’re up to the challenge.
Without substantive change along these lines, Norwegians and others across the globe will see more major data raids like this.