The data hack is something that is going to become a common occurrence due to the fact that data has so much of value.
Based on the developments in data science and the ability to use data more a variety of different economic activities means that this valuable asset has incentive for people to try and obtain it similar to how someone would break into a vault and steal cash or diamonds.
In the case of this hack, the personal data of so many customers has been breached and represents close to 50% of the South African population and will possibly be traded on the dark web (black market) for a variety of reasons.
- A cyber criminal will want to sell the information in return for their efforts of breaching the defenses and gaining this valuable information that has value
- The cyber criminal may use the information to socially engineer and impersonate the victim whose data has been lost in order to gain financially through means of cyber crime and fraud. Financial services institutions use a persons social information as a layer of authentication to prevent cyber crimes and with data now being leaked represents an overall decrease to security controls that they have worked hard to implement in order to protect their clients.
- A new trend seems to be fintechs acquiring this data to provide innovative financial services since theoretically the data will eventually become public.
The impact of this breach weakens South Africa as a sovereign state as the overall security controls which are in place across the financial services and all sectors would overall decrease due to the global cyber criminals having access to all this data that can assist them with socially engineering through anti cyber controls.
The challenge South Africa has as a developing country is that we will eventually run out of resources to defend against cyber crimes to the extent that first world countries could and this weakness would require further spending on cyber security in a depressed economy that is impacted severely by COVID 19.
Conspiracies exist that In the worldwide fight for power between the USA and China , we could see South Africa’s data mobilised by these giants for purposes of exerting control and the country that is able to better leverage the data would be able to obtain higher levels of power. China have demonstrated their ability to gather data and be agile is probably close to being the leader as can be seen through the way they defended against COVID 19 and have probably won the global war on COVID 19. In our compromised economy , people and companies in China and equipped with this data would be in phenomenal position to leverage this data and engineer merger and acquisition transactions that would minimize the value of economic inflows into the country that desperately needs global money to come in.
As the average South African , we have so much trust in central organizations such as this one that has now compromised so much of our populations data. There has to be a new world order where decentralized solutions such as blockchain and distributed ledgers ( the technology that bitcoin runs on) could allow us to decentralize the storage of personal information such as the data stored by them and put power back into the consumers hands. Organizations such as civic that are developing solutions around digital decentralized identity is something that will be accelerated as a result of people losing trust in centralized “trusted” third parties. The answer has to be decentralized solutions that will prevent breaches such as these and allow this information to belong to the consumer as opposed to the third party.
Financial services institutions find themselves in an interesting space at the moment as they would be the key providers of data to these bureaus however they still remain the custodians of the data. Their only blessing at the moment would be the fact that POPIA has not yet come into effect. Under POPIA, there would be serious fines payable and the financial services institution would need to inform each individual client of the breach . This would be a costly and have a damaging effect on the status of the financial services sector in South Africa.
As a consumer, if you give your valuable gold to a vault ( bank) and the vault shares it with a service provider ( Mint ) and the mint loses the gold: a consumer would sue the vault to be compensated for their loss. All things equal, can consumers sue the financial services provider that gave their data to the bureau in order to be compensated for the loss of their valuable information?
Definitely and exciting space to be in at the moment in a global issue that will have far reaching impacts. The move to digital makes human life better and more pleasant but that doesn’t come with more risks that if not managed, could have a fatal impact.
Read more BDO Insights