Data Leaks and Breaches: Addressing Cybersecurity in the Digital Landscape

There is one main problem that we should address as a society: unnecessary sharing and exchanging of information. Thierry Gagnon writes.

By Thierry Gagnon for The Hamilton Spectator

We have all heard this story. A data breach hits a big-name company and makes headlines. The company responds by apologizing to its customers and promising it won’t happen again. They try to make amends by offering a year of free credit monitoring, and before you know it, they’re breached again.

A company certainly bears responsibility when experiencing data leaks or breaches, but that doesn’t change the fact that it’s part of a broken system that enables this cycle to repeat itself in perpetuity. It’s much easier to focus on a single company than on the 30,000-foot view. But by shifting the blame cycle from one company to the next, society will never address the root cause.

Based on my experience working in the Canadian public sector to address national cybersecurity threats, I believe there is one main problem that we should address as a society: unnecessary sharing and exchanging of information. But culturally, we accept this as the way the world works. And given most of us — including those who are directly responsible for protecting our data — operate with the same mindset, how can we expect large corporations to be the best advocates for our personal information?

High-profile companies demonstrate the inherent flaw in the way we currently think about data protection and cybersecurity. For example, Marriott was breached in 2014 and that incident went undetected until September 2018. They have been breached a total of seven times since 2010. T-Mobile has also been breached several times, including in 2018, 2019, and most recently in 2021 — that’s almost once per year!

Both companies were negligent and careless. However, one commonality, present not only in Marriott’s and T-Mobile’s cases but in all breaches, is the movement and oversharing of data, and society is unfortunately OK with it. The movement and oversharing of data create and maintain the status quo.

The truth is that cybersecurity is currently an afterthought for most companies, especially those that specialize in non-tech offerings. How can we expect Fortune 500 companies to safeguard our personal information when their core business does not align with protecting data? Therefore, it should not come as a surprise when these incidents continue to occur. The mere fact that data and information are transferred means that there is a high chance they will be exploited throughout that journey.

Society simply cannot afford this as the status quo. There is a better approach to addressing this fundamental flaw, and the current way of thinking is ripe for disruption.

By reimagining cybersecurity and data management, we can fix trust in digital relationships and make compliance less painful for companies. This can be achieved if the private and public sectors alike adopt a system that adheres to a set of principles to guide action. Organizations should implement simple and efficient forms of identification that ensure the highest level of security during the authentication process and when providing different levels of authorization online. We also need to implement good governance models when managing data and cybersecurity (there should be a set of standard rules that are trusted and adopted across industries). And since cybersecurity does not exist in a vacuum, different systems need to interact with each other and be integrated.

Cybersecurity should aim to make everyday digital operations secure, seamless, and 100 percent private. From banks, to government agencies, to businesses across every industry, cybersecurity should enable any entity to access and validate only the data they need and are permissioned to see.

Transforming traditional relationships into deployable, interoperable, and secure digital interactions is possible without compromising legacy systems. And it also can be done with limitless scalability, enhanced privacy, better compliance, and ease of use.

Thierry is co-founder, President, and CTO of Kelvin Zero and one of the world’s foremost experts on secure information sharing networks. Prior to Kelvin Zero, Thierry was engaged with critical infrastructure organizations in the private and public sectors, including law enforcement, cryptographic agency and national defence, and national cyber response.