
CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 


Cybersecurity and Big Data trends in Retail Industries





The retail and service industry is a costly and demanding one because of the difficulty of managing inventory and precious shelf space. Retailers must carefully plan when to put an item on sale, where to place the item, and when to restock the item, and they must understand the potential for opportunity when giving up space to one item over another. Small mistakes can cost retailers dearly in lost revenue. Businesses that can rapidly react to consumer demand have an advantage in the marketplace because their customers can readily find the items they want to purchase. In a world of instant gratification, people tend not to want to wait. Product and competitor pricing are readily available through information sources such as Internet searches. Larger business organizations often rely on big data analytics to understand customer trends and apply that information in a valuable and meaningful way to achieve revenue targets. It’s a well-known and simple fact: businesses are collecting more information on individuals than ever before. This includes monitoring shoppers in stores for behavioral patterns, or following potential customers through Web sites to see what attracts their attention.


What is collected, how it is stored and used, and most importantly how that information is (or isn’t) protected differs greatly. Generally we hope data protections are applied according to regulations, laws, and strong internal corporate policies. Businesses typically struggle with multiple types of regulations governing customer personal information. Can more interesting approaches, such as the use of metadata, benefit business organization revenue goals? If so, what are the real benefits to their customers? This paper will examine those questions, along with cybersecurity dangers the consumer faces due to the risk of businesses losing their personal information. We will also examine the role of government in balancing out the needs of consumers and business goals associated with data collection efforts. Then one final question is posed: who should be responsible for enacting data protection within the confines of this topic?

According to IBM’s website: “Big Data Analytics is the use of advanced analytic techniques against very large, diverse data sets that include different types such as structured/unstructured and streaming/batch, and different sizes from terabytes to zettabytes.” (IBM) Why is this different from any other type of data analysis that has been available for years through data mining? One answer is that current data sets have been collected over long periods of time. Many companies have vast amounts of data that have, in effect, ‘stacked up’ over time. The IBM website continues with this: “Big Data is a term applied to data sets whose size or type is beyond the ability of traditional relational databases to capture, manage, and process the data with low-latency.” (IBM)





Organizations can now start to see trends they never knew existed. What may initially appear insignificant may, in fact, provide a way for a business to realize stronger revenue streams through the efficient application of data analytics. For example, it may be revealed that someone who is overweight spends more for his girlfriend during Valentine’s Day. These types of people may also be attracted to shopping areas with soft lighting. When retailers can adjust to data points such as these, they may be able to target this demographic and even determine when they think they will go out of their house to go shopping.


When coupled with other group preference trends, the potential to capture more business becomes readily apparent. Data analytics has been benefiting businesses and consumers for some time now. Google, which provides email, maps, and Web search services for millions of users every hour of every day, is trading those services to its users in exchange for information. That information comes to them primarily in terms of metadata focused around user behavior patterns.

Hugo St. John in the November 11th, 2013 issue of the Motley Fool stated: “The really interesting part involves what Google decided to then do with all of that user-provided data, which one must remember was essentially provided free-of-charge. Well, given Larry and Sergey’s original mission revolved around attempting to ‘organize a seemingly infinite amount of information on the web’, naturally, Google organized and packaged all of this user-data up for advertisers to pay to use.” (St. John 2013)

Consumers benefit directly from using Google services by getting access to valuable applications and services.


In exchange for those benefits, they provide metadata. Google leverages this information by organizing the metadata to sell targeted and relevant ads back to users, and by charging advertisers billions of dollars per year for access to that metadata and ad placement. Although on a superficial level it may seem like the consumer is giving up quite a bit for little in return, this may not necessarily be true. Most consumers use Google Maps on their phones to get real-time, turn-by-turn directions when driving.


They use free email communications and capabilities via Gmail. (Incidentally, this was the first service that let users keep all their emails and access the free, open-source Android mobile operating system. At this time it is also the most popular mobile OS in the world.) One may argue that the scales aren’t balanced, but it is clearly a symbiotic relationship in which both parties benefit and, for the most part, feel comfortable with that relationship.

Google certainly has an incentive to keep and protect user data. If you think about it for a moment, you realize that people generally tend to confess more to Google than they do to their own spouse or a priest.


Every day users search for advice on medical or emotional issues, entertainment advice, managing habits, and other areas of the human psyche that may be considered extremely personal. If your browser search history were released publicly, it might cause some discomfort, annoyance, or outright embarrassment. The Bconnected Project and Berkeley located at http://bconnected-project.berkeley.edu states: “Google, an established provider of web-based services, has gone to great lengths to protect against threats. Google runs its data centers using hardware running a custom OS and file system. Each of these systems has been optimized for security and performance.


The Google Security Team is working with external parties to constantly test and enhance security infrastructure to ensure it is impervious to external attackers. And because Google controls the entire stack running our systems, we are able to quickly respond to any threats or weaknesses that may emerge.” (BConnected Project)



Why would Berkeley need to reassure its users about Google’s security? Google has, in fact, passed several stringent security audits specifically focused on internal cyber security operations. Another interesting data protection complication comes from the Google business model. Google not only hosts its own services, it also provides third-party hosting services. In essence Google shares a very small percentage of its computing power with a large set of customers who host their data and services for their own set of customers and users. Sometimes this is done simply using Google’s computing resources with very little involvement from them. Other times it is a full partnership. In either case it is easy to see why Google would take protection of user data extremely seriously. Collecting metadata is not always ideal for customers.


Organizations might be able to state that metadata does not provide identification or information regarding an individual. When initial HIPAA laws were being formed and implemented, interesting conversations around concepts such as this were abundant: In order to maximize personal information protection, a medical agency decides to release only the patient’s ZIP code and basic medical information. What if that ZIP code belongs to a town of 1,000 people, and the medical information includes the fact that the patient has one arm? The identification is rapidly made back to that patient. The danger is that in many cases, with just a little cross-referencing within a data set, the metadata can reveal some startling facts and very personal information. Let’s take a more modern-day example of a law enforcement agency claiming they do not need a court order to get metadata on phone records.


The typical argument states they are not getting information about the conversation, but simply obtaining metadata for large data analytics. Herein lies the problem: even though your phone conversations are not being recorded or obtained, law enforcement may infer things about you and your habits depending on:


Who you called

When you called

The frequency of your calls


Many people fear this is a very sly method for treating a person as guilty and ultimately shifting the burden of proving innocence to them.
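The ZIP-code scenario described above can be checked before a data set is released by measuring how many records share each combination of quasi-identifiers (k-anonymity). The following is an added example, not part of the original article; the records, the placeholder ZIP values, and the choice of quasi-identifier fields are constructed assumptions.

```python
from collections import Counter

# Constructed sample of a "de-identified" release: names are removed, but the
# ZIP code and an outwardly visible trait remain next to the diagnosis.
# ZIP values are placeholders, not real postal codes.
RELEASE = [
    {"zip": "00001", "visible_trait": "one arm", "diagnosis": "diabetes"},
    {"zip": "00001", "visible_trait": "none", "diagnosis": "asthma"},
    {"zip": "00001", "visible_trait": "none", "diagnosis": "hypertension"},
    {"zip": "00002", "visible_trait": "one arm", "diagnosis": "depression"},
    {"zip": "00002", "visible_trait": "none", "diagnosis": "asthma"},
    {"zip": "00002", "visible_trait": "none", "diagnosis": "migraine"},
]
# Assumption: these are the fields an outsider could already know about a person.
QUASI_IDS = ("zip", "visible_trait")

def _key(row, quasi_ids):
    return tuple(row[q] for q in quasi_ids)

def class_sizes(rows, quasi_ids):
    """Number of rows sharing each combination of quasi-identifier values."""
    return Counter(_key(r, quasi_ids) for r in rows)

def k_anonymity(rows, quasi_ids):
    """Smallest group size; k == 1 means at least one row is unique."""
    return min(class_sizes(rows, quasi_ids).values())

def at_risk(rows, quasi_ids, k):
    """Rows whose quasi-identifier combination is shared by fewer than k rows."""
    sizes = class_sizes(rows, quasi_ids)
    return [r for r in rows if sizes[_key(r, quasi_ids)] < k]

def generalize_zip(rows, keep_digits=3):
    """Coarsen ZIP codes to their leading digits before release."""
    return [{**r, "zip": r["zip"][:keep_digits] + "*" * (len(r["zip"]) - keep_digits)}
            for r in rows]

if __name__ == "__main__":
    print("k before:", k_anonymity(RELEASE, QUASI_IDS))
    for row in at_risk(RELEASE, QUASI_IDS, k=2):
        print("unique on quasi-identifiers:", row)
    coarse = generalize_zip(RELEASE)
    print("k after ZIP generalization:", k_anonymity(coarse, QUASI_IDS))
```

Generalizing the ZIP code raises k here only because the sample is small; on real data the threshold k and the generalization level have to be chosen against the population the release covers.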






Furthermore, metadata can hurt the concept of open press and media if anonymous sources and whistleblowers fear that coming forward may make them readily identifiable. Although there tends to be a love/hate relationship between the general public and whistleblowers, we can’t forget that some of the most revealing instances of governments and how they truly operate have come from whistleblowers.


This includes historical instances such as the Snowden papers, Watergate, the Pentagon papers, and many others. Michael West from the Sydney Morning Herald stated on March 15th, 2015: “There has been some talk that the impending metadata laws will contain protections for journalists and their sources.


This is hard to take seriously. Four years ago, we received a call from an official at the Australian Securities and Investments Commission. The caller told us the majority of the wire-tap warrants sought by the agency in the previous year had related to an investigation of leaks from the agency itself, leaks which apparently resulted in a story in Fairfax Media” (West 2015). In the day of heightened national security and public discomfort with the breadth of power it unleashed, it is getting more difficult to imagine governments that serve the populace versus political parties and individuals in powerful positions. The media has, in a majority of instances, provided our society’s only check and balance against illegal and unscrupulous government officials and programs invading privacy in our daily lives. Open press is a dear ideal in our society.


To continue on topic, many lawmakers are currently taking up the fight for protecting personal information. Some believe that most major data breaches compromising personal consumer information are merely written off or financially covered by large insurance policies. Benjamin Dean on May 5th 2015 on Quartz stated: “When we examine the evidence, though, the actual expenses from the recent and high-profile breaches at Sony, Target and Home Depot amount to less than 1% of each company’s annual revenues. After reimbursement from insurance and minus tax deductions, the losses are even less.” (Dean 2015)





Although one could argue it may take years to fully understand the complete repercussions and true cost of the Sony breach, there is little doubt that financial motivators exist to pressure most organizations to protect consumer data. This is possibly the strongest indicator as to why regulation is needed. Regulation on how to use data for law enforcement, marketing, and research may also provide consumers more confidence. And that confidence is absolutely critical for maintaining public trust in systems of banking and consumption within a society.


Regulation alone will not improve cyber security. Government and private sectors have always worked well and efficiently when their goals have been aligned.

Javier Ortiz in the August 6th 2014 publication of The Hill stated: “Public-private cybersecurity partnerships are most ideal, because the private sector also has significant work to do to combat cyber threats – and the financial services industry faces some of the most serious risk.” (Ortiz 2014)

Furthermore, governments can create excellent conduits of information, such as collecting information on threats targeting industries and then sharing that information with industry-specific consortiums. “The government is in a unique position to be the focal point for collecting information on cyber threats and using advanced analytics to gain situational awareness and deliver actionable intelligence. Government agencies can collect information from organizations within a single industry as well as multiple industries. Advanced big data analytics can then be applied to understand cybersecurity trends and risks.” (Lakhani and Menegon 2015)


We are in new territory in the information age. The concept of that age might be upstaged by the dawn of widespread use of big data coupled with powerful analytics. Big data analytics has historically been used to protect nations against attacks by determining and predicting the likelihood of threat events, vectors, and threat actors. This is rapidly shifting to consumer behavior analysis. Businesses can use the data to maximize revenue through targeted marketing to individuals with the use of specific technologies in a way that is almost unimaginable. Consumers benefit in this model by getting the exact products they want, at lower cost, and when they want them, through analytics delivering new, powerful methods of creating market efficiency.

However, the danger is simply this: unprotected data puts a wide range of individuals and entities at risk. Unprotected data can lead to creating false information, notions or incomplete trend views. Another aspect impacting this discussion is that if consumers believe their data is not protected, they tend to evade providing it as best as possible. This disrupts how efficiently data is collected and the accuracy of it.


Criminals will always try to use data to commit fraud and identity theft when possible. Large data breaches, such as those seen with Target and other organizations, cause businesses and ultimately the government to lose trust. This, coupled with waves of lawsuits, regulations, and other business hindrances, is becoming an almost unsupportable model from a compliance versus cost perspective. The real answer? Simply this: protecting data is the responsibility of all involved parties. Easily said. Very difficult to implement. But as I watch general security trends I think we, as a society, are catching on and I have faith in the future.


References


Dean, B. (2015, March 05). Sorry consumers, companies have little incentive to invest in better cybersecurity. Retrieved March 15, 2015, from http://qz.com/356274/cybersecurity-breaches-hurt-consumers-companies-not-so-much/


How does Google protect its infrastructure against hackers and other threats? Is my data safe from other customers when it is running on the same servers? (n.d.). Retrieved from http://bconnected-project.berkeley.edu/faq/security-and-privacy/how-does-google-protect-its-infrastructure

St. John, H. (2013, November 11). Why Metadata Has Always, and Will Always, Matter. Retrieved March 15, 2015, from http://www.fool.com/investing/general/2013/11/11/bottom-line-profits-why-metadata-matters-to-compan.aspx

Lakhani, A., & Menegon, A. (2015). Do Public and Private Sector Partnerships Make Sense in Cybersecurity? Retrieved March 15, 2015, from http://www.wsta.org/resources/articles/public-private-sector-partnerships-make-sense-cybersecurity/


Ortiz, J. (2014, August 06). Government needs the private sector to improve cybersecurity. Retrieved March 15, 2015, from http://thehill.com/blogs/congress-blog/technology/214361-government-needs-the-private-sector-to-improve-cybersecurity

West, M. (2015, March 15). Metadata retention laws will hurt big-business whistleblowers. Retrieved March 15, 2015, from http://www.smh.com.au/business/comment-and-analysis/metadata-retention-laws-will-hurt-bigbusiness-whistleblowers-20150313-142pej.html
