The latest and most damaging cache of NSA materials stolen by anonymous hacking group Shadow Brokers, involving agency-grade cyber weapons potentially affecting millions of computers, should serve as a wake-up call to consumers regarding data privacy.
If the National Security Agency can be hacked, anyone can. The latest data dump from Shadow Brokers, released last Friday, contained exploits that could be used to compromise Microsoft’s Windows operating system across a number of versions.
Thankfully, Microsoft had already patched the critical vulnerabilities in supported products with updates issued in March. Still, the release of stolen NSA materials that included powerful hacking software should be alarming to anyone.
In the short-term, expect the trend of consumer data breaches to continue unabated. Long-term, this breach should serve as an important catalyst for how consumers approach online privacy and security.
The current paradigm is one of complete trust on the part of consumers. We believe that institutions can keep our most private medical, financial, and personal secrets secure. That belief is based on the perceived infallibility of the security systems in place to protect our data.
The latest Shadow Brokers hack has proven that even the most sophisticated government intelligence agencies are susceptible to penetration by determined cybercriminals. Servers containing vast amounts of consumer data will continue to be targeted by groups such as Shadow Brokers, who can dedicate the time and resources required to penetrate seemingly impenetrable defenses.
Rather than continuing to fight a losing battle to secure massive centralized databases, what if consumers fundamentally changed the nature of how their private data is stored and secured? Instead of one server containing millions of consumer records, one million consumers retaining their private data individually. While it may seem far-fetched, there are numerous startups using Blockchain and other technologies to make this de-centralized dream a reality. A system where consumers would be fully in control of their private data, choosing how and when it is preserved and used by institutions.
No security system will ever be perfect. There will always be vulnerabilities. What can be changed is the number of points of failure required to hack the personal data of millions of consumers, and the risk/reward ratio of such endeavors.
A lock is only worth breaking if what’s behind the door is worth more than the cost of breaking the lock. Putting data for millions of consumers behind a single lock creates a strong economic incentive for breaking it. Place that same data behind millions of individual locks instead, and the incentive to break any one lock is greatly reduced.