And I read this morning that in 2016, 1.6 billion personal records were leaked, breached, stolen, call it what you will. It also appears that the trend is only set to increase.
I did a little digging around and found that there are approximately 3.5 billion internet users, about 40% of the world population. This means that potentially 45% of internet users could have had their records leaked. OK, you say, some will be duplicates and there will be other statistical anomalies that I don’t really understand which will reduce the percentage; but even reducing this number to 35%, it is an alarming statistic. If 35% of the world population were to suddenly be struck by the same disease, would we be so calm? No, there would be mass hysteria. Would governments be working together to resolve the issue? Yes, I’m sure they would.
It appears to me that cyber-crime is not being tackled in a coordinated way. All governments seem to take an independent approach. Our own government has a Cyber-Security strategy based on making the UK the safest place to be online. Whilst well intentioned, this is surely wrong. Internet-based crime is a worldwide problem and can only be managed with a coordinated approach across the world. It is no use the UK being the safest place to access the internet when my records travel across the world, way outside of our jurisdiction, just to travel a few miles to my insurance broker, for example.
Europe is going some way to tackle the issue with the introduction of the European General Data Protection Regulation (GDPR). This is due to be implemented in 2018. It standardises the measures across Europe that businesses should take to protect personal data. It also stipulates what measures need to be put into place if data is being shared outside of the participating countries.
The GDPR is a great step and it is clear that considerable thought has gone into it and into tying it into security frameworks. There will be some teething problems, I’m sure, but it will be a massive step forward. Now we need to turn to law enforcement. The GDPR will deal with the processors of data if they get it wrong, but why can’t the law enforcement agencies start to do something similar, where there is a common approach to hunting down and prosecuting the perpetrators of internet crime? It has taken 10 years to develop the GDPR; getting 28 member countries to agree a single approach takes time. If it can be done for the data protection laws, surely we can agree some standards for co-ordinating criminal investigation and prosecution of the culprits. That would start to have a massive effect. Currently the chances of getting caught are low, and if caught, the chances of being convicted are also low. Anything we can do to improve this has to be good.
Featured Image by: frankieleon used under Flickr Commons Licence