Open Data against Corona—What’s the security price of this chorus?

by May 12, 2020 0 comments

Collaboration cannot work its wonders with closed fists and closed minds. But how to make sure that the beehive gathers more honey and fewer intruders? Quite a question there! Pratima H looks into it.

It is both unusual and heartening to see so many academicians, medical professionals, data scientists, vaccine experts and labs all over the world blurring all boundaries and collaborating like never before. After all, a challenge as stubborn, and as unprecedented, as the current pandemic demands nothing short of a giant human wave of knowledge-sharing.

This is where open data sets are exuding a lot of strength and scale for the speed, diversity and depth that this collaboration needs.

Ritesh Chopra, Country Director, NortonLifeLock India explains the realm of open data repositories in detail. Open data is the basis of a wide range of applications, services that aim to improve our daily lives. There has been effort at making data available by public administration to increase accountability and transparency. However, as seen recently, they are also providing this data in order to create new, and more efficient, services specifically in healthcare sector. Open data on COVID-19 is available for research scholars and industry experts for finding a possible cure for the disease and work towards developing vaccines.

ODI or Open Data Institute has offered free support for organizations in designing data models for tackling the Coronavirus crisis. It has emphasized how Data is playing a vital role in helping to support research into the Coronavirus and develop ways of responding to COVID-19 and its impacts. A recent statement noted that when data is open for people to access use and share, research and innovation can take place more quickly and, arguably, with more efficacy. “Reducing the steps that researchers and developers have to go through to get access to data means insights can be derived more rapidly.”

In another effort not far away, Microsoft has also ushered in the Open Data Campaign, in collaboration with the ODI and The Governance Lab, and it aims to address data inequality among companies, as well as regions. The campaign is explained as a way that aims to facilitate open and secure sharing of large-scale data, and especially information that could help in solving some of the biggest challenges facing society, like healthcare, sustainability, and urban socioeconomic issues.

Microsoft has also declared its participation direction for twenty data projects to help fight the data divide issue. It intends to share datasets from the project openly on GitHub and will publish the results of its COVID-19 research project. Its researchers distilled that less than 100 companies collect more than 50 percent of the data produced today. That clarifies the need for solving the staggering divide in data ownership right now.

Another alliance of data analytics experts has also emerged to help the world to recover from the economic impact of the COVID-19 outbreak.

This one is established by Rolls-Royce, Emer2gent to combine traditional economic, business, travel and retail data sets with behaviour and sentiment data, to provide new insights into and practical applications to help people and organisations adjust to the new normal.

Its members include Leeds Institute for Data Analytics, IBM, The Data City, Truata, and ODI Leeds. Interestingly, the alliance has pledged to have “a sharp focus on privacy and security” issues.

If we draw an enterprise corollary, an Accenture C-Suite survey also affirmed that organisations are opening up to this new, bold, brave and open-minded genre of collaboration. It showed 36 per cent executives pointing out that the number of organisations they partnered with had doubled or more in the last two years. As many as 71 per cent anticipated a surge in the volume of data exchanged with the ecosystems. But an Accenture Research also underlines the flip side of this collaborative tide. Companies saw about ten per cent dip in revenue for up to six months after a large, public data breach—and that revenue loss takes two years to recover.

When birds of many feathers flock together, they are easier to spot and hunt, aren’t they?

Gate-crashers to the party

Chopra argues that open data comes with its pros and cons. “Two things one should keep in mind—data integrity and privacy. The source of the open data is important for understanding its authenticity, so it is always recommended to use these open data from authorized source to ensure the data integrity. Data set from unverified source can be risky and can put the research firm on target of hackers and can lead to data breach or ransomware attacks.”

Crisis is a time that causes bad decisions and weak spots more easily. The tendency toward ad-hoc decision making during crisis only accelerates the opportunity to exfiltrate data or compromise business operations, Prashant Bhatkal, Security Software Leader, IBM India South Asia contends.

It is not hard to guess why there is anxiety over too much sharing of data. Some UK privacy and security experts have raised warnings over Coronavirus apps already. In an open letter raising some concerns, 177 academics in UK did what 300 academics had done from all over the world a few days back. The emphasis on data protection principles and the role of necessary trust was starkly visible in the ensuing discussions. Germany, Estonia, Spain and Switzerland have leaned towards decentralised architectures so that privacy and data’s fair use is ensured. Cross-platforms APIs are also being heavily debated.

Meanwhile, the heat on databases that allow de-anonymisation of data keeps getting stronger. Understandably so—put in a common and open pool, all this data is easily susceptible for getting into the wrong hands, for unfair surveillance and as a repository for personal information that can be exploited for wrong intentions. De-anonymisation of data is a valid concern emerging in the last few weeks in various parts of the world, Chopra seconds that. “When it comes to privacy, we talk about it being published anonymously. The main goal of anonymisation is that analysts will still find the data useful while it is not possible to identify people whose information is included in the dataset. But most recent events indicate that the risk of de-anonymisation is always there and can be used to identify people from these data sets—which is a big privacy risk.” Chopra explains as he cautions that we should also be aware about cybercriminals attacking healthcare sectors through practices like spear phishing.

Herd immunity—Possible?

Being open is risky. But that should not deter these encouraging efforts that straddle all industries, regions and professions—just to make sure we survive this storm well.

In fact, done the right way, openness can be a security booster in itself. A security analysis at ODI had found that companies were turning to open data with an increased interest as a way to combat hackers. This is because this approach allows them to fill gaps, reduce risks and seize opportunities.

That’s why Accenture recommends approaches like Privacy Preservation Computation (PPC) Techniques, secure hardware enclaves, data obfuscation as per differential privacy norms, homomorphic encryption (broad statistical information gathered and inferred without exposure of individual specifics), and secure Multi Party Computation (MPC) (wherein actual data source is kept private without disabling a group to combine their data).

Being prepared and cautious always helps.

“Cybercriminals impersonating organisations like the WHO, send phishing mails to employees of various research organizations involved in COVID-19 study. So, it is important for the CISO and the employees of the organization to identify these phishing emails to stay safe and keep the organization’s network safe by avoid clicking these links or downloads. It’s also important to remember that as most people are not working from laboratories or research desks, but their own homes, the network, devices and their entire ecosystem is now different, which makes things more vulnerable. So, it’s crucial for everyone to take measures to protect their devices.” Chopra advises.

If we have learnt anything in the last few weeks, it is hard to be skeptical against the beauty, brilliance and impact of the collective human spirit. A flash-mob singing together or playing bells in harmony or banging steel-plates with a buoyant mood—how much that inspires and elevates everyone! All we need to take care is that whether we share songs, music, torch-light, chants, research progress or data; we should stay in our balconies. Sharing is possible without thronging like a disoriented amoeba. Let’s work like bees instead.

Of identity theft and Zoombombing

39% respondents in a survey in India reported experiencing identity theft, with 10% having suffered some manner of loss as a result. Often, even though people are worried about cybercrimes and aware of phishing scams, they do not take adequate measures to protect themselves. The recent Zoombombing incidents have made us aware of yet another way how security and privacy breaches can occur. It is absolutely essential for users to take strong measures to protect their devices and their personal identifiable information from all kinds of online threats. Using VPN can protect your personal data and online connections from cybercriminals to a great extent.
(Source: NortonLifeLock Cyber Safety Insights Report)

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.