IT professionals often face different attitudes to IT security. Private individuals, even if they are occasionally in the public eye, generally believe that they "have nothing to hide" and that there is nothing interesting to get from them anyway. Yet as soon as masses of personal data belonging to politicians, journalists and other people are published, things start to hit the fan. The mass doxxing at the beginning of January, which probably had a right-wing extremist motive, is only a sliver of what has been common practice for a long time. Millions of data records with usernames, e-mail addresses and, in part, passwords are traded and exploited in forums. Anyone who uses passwords and usernames more than once has already lost the battle. The chance that a hacker who picks a target and tests the credentials on several web services will succeed is huge.
Of course, this is nothing new. Everyone knows that passwords should only be used once per service, that password managers make this process easier and that hacked passwords should be changed immediately. You can find out whether credentials are still secure on websites like this one. But according to current leak databases, the most frequently used passwords are still classics such as "Password" and "123456". Unfortunate as it is, the situation hasn't changed. And as long as behaviors and attitudes don't change, there is hardly any chance of improving information security on a wider front.
Still, it's not all doom and gloom, as a recent survey shows. A representative survey on data security by Bitkom shows a clearly increasing tendency for users to take responsibility for the security of their own data. Three out of four respondents (74%) agree with the statement "I am responsible for the security of my own data". This is a significant increase since the last survey five years ago. At the time, only 62 percent agreed with this statement. The survey also indicated that different age groups agree with taking responsibility for the security of their own data. Three quarters of 16- to 29-year-olds (74 percent) feel responsible for protecting their own data, as do three quarters (74 percent) of people aged 65 and over.
Other findings of the survey also make for interesting reading. For example, 22% believe that the state is responsible for security on the Internet and – this is particularly impressive – only three percent see businesses as responsible, i.e. Internet providers or manufacturers of hardware and software. It's no wonder that companies still don't have to fear major consequences if they just happen to have millions of data records stolen.
This corresponds to the results of another Bitkom survey, which focused on the business environment. Since the General Data Protection Regulation (GDPR) came into force, businesses have had to increasingly address data protection issues. Although the law has changed in some aspects, businesses have always had to take responsibility for personal data, but the penalties were much lower, as were the chances of getting caught. Now the incentive to take data protection seriously is higher, but only one in three companies (31%) has a full-time position planned for employees who are mainly concerned with data protection. Mind you, "planned" is not the same thing as "appointed". About 4 percent recognize a need for more than two positions, and one percent of businesses believe up to three full-time positions may be necessary. At the moment, data protection experts are in high demand and not every position can be filled. Nevertheless, planning for data protection staff should be a matter of course in view of the significance of data protection to information security, and the survey suggests that businesses need to be making more progress in this area.
Taking responsibility for your personal data sounds good and is the right approach. The state cannot (and does not) protect personal data; industry cannot (and does not want to). If the results of the Bitkom survey ring true, there is real hope for data protection and information security in the coming years.