Data breaches worldwide cost nearly $4.5 million on average but the indirect consequences, such as loss of reputation and customer trust, as well as regulatory fines, paint a grimmer picture, especially with the rise of artificial intelligence (AI), making data security paramount.
Senad Aruc, founder and CEO of Netherlands-based security operations (SecOps) firm Imperum, said that data security has become a key issue for not only individuals but also institutions and countries.
Aruc, speaking to Anadolu on the occasion of Türkiye’s Personal Data Protection Day on Monday, highlighted that no country is exempt from the risks when it comes to data, and although AI can achieve great feats with large data sets, data security has become a significant issue.
He emphasized that AI can be used for “wrong purposes in the wrong hands,” noting that data security, especially when it comes to big tech firms that deal with large user data to train AI models with or without consent, which can lead to “systematic violations of privacy.”
Aruc mentioned that the issue lies in the “smarter and safer data usage,” underlining that the responsibility falls to both individuals and organizations to set up ethical boundaries, and Imperum develops solutions to combine security with AI without data compromises, as data-targeting attacks become increasingly more sophisticated day by day, taking advantage of human error and psychological manipulations.
For instance, phishing attacks mislead people to collect their data, especially their financial and personal information, while spear phishing attacks target a specific person and are more convincing due to their specialized nature. Aruc said these play a key role in obtaining user data and passwords.
He noted that data leaks and insider attacks still pose huge threats to data security and these stem from weak security protocols of companies, which lead to devastating results.
Aruc mentioned that ransomware attacks, on the other hand, block access to the user and demand a ransom for data recovery by encrypting the user’s data and making it inaccessible.
While these attacks have been more commonplace since the dawn of the internet, deepfakes have evolved with the rise of AI.
Aruc highlighted that deepfakes, which mislead people via fake images, videos, and sounds, are still used to taint the targeted individual’s reputation, and AI and machine learning are used in these attacks now.
He said that users’ key concern should be to know their data’s value and not give out any data to any platform without reading which data is allowed to be collected. He emphasized that free services have a price, that being users’ data.
He suggested the use of two-factor authentication (2FA) passwords for accounts, checking source of links in emails, and being skeptical of filling any personal information online even if it may look official, while vulnerabilities in outdated systems—which may or may not be beyond users’ control—can be taken advantage of.
Aruc noted that AI can be used to analyze people’s social media accounts to profile them to find the most effective attack, advising to “think twice” when sharing personal information on the internet.