Data Violated: Book Review of ‘Breach’

Deepak Maheshwari, head of government affairs with Symantec, reviews the book,  'Breach' by Amrita Chowdhury

The Context

Hardly a day goes by when one does not come across at least one more instance of data breach, whether attributed to illegal or unauthorized access by a criminal or due to sheer negligence or ignorance of the data owners and collectors. And, these instances are only becoming bigger in scale, wider in their impact and deeper in their extent. Cyber crime is no longer a playground for the script-kiddies. Rather, it has evolved into organized crime with blurring of online and offline worlds.

The Plot

‘Breach’ is a fictional narrative of how some innocuous loopholes lead to data theft, causing a whirlwind in the lives of not just the characters in the story but also for the patients of a life-threatening disease as well as their families and doctors. The thread straddles across the US and Asia, with occasional sojourns via Europe, leading to a complicated and challenging quest to identify the perpetrators who have their own complex (and at times, not so complex) way of socializing through the Internet, of course. Stuxnet, Heartbleed and Trojans – they are all in here; and then, some.

It is a tale of intra and inter-corporate rivalry, and a tale of human emotions. There are tales of expatriates and developmental activists; passion and break-ups; teenage romance; smuggling and piracy - intertwined with the debate on patent regime for innovation and brief tutorials on different ways in which information security is often breached.

The Structure

Bite-sized episodes, usually of just two or three pages, make it an easy on-the-go read. Descriptions of places and people are vivid though some of the brands may be beyond the comprehension of those not familiar with India. Author is at ease with describing the lives of high-rise buildings, shiny offices and five star hotels of Mumbai. Victorian buildings with ‘fluted columns’ seem to be especially fascinating. However, the description of the city’s underbelly and the lives therein seems a bit sketchy.

Though the storyline is taut, but one is still left wondering how Vir veers into becoming Veer and why there is no CEO of the US Company though the chairman does act and sound like one.

The Underlying Thread

However, at a deeper level, it is a story of what can go wrong in the way we use technology and what we can and should do to stay safe and secure. Though essentially a tool for enriching quality of life, technology must foster, sustain and reinforce the trust and Information and Communication Technology (ICT) is no exception to this basic premise.

Combination of SMAC (Social media, Mobile, Analytics and Cloud computing) and IoT (Internet of Things) are creating a new paradigm of hyper connectivity posing challenges of data delusion across three Vs – Velocity, Variety and Volume. Enormous amounts of data is being continuously generated, captured and consumed on billions of devices, transmitted through optical fiber and wireless networks, stored in large datacenters and analyzed by a bevy of myriad algorithms.

Despite extremely low level of ICT penetration, according to Symantec’s Internet Security Threat Report (ISTR) India was the third largest source of malicious activity and in fact, when it comes to spam zombies, it leads the world accounting for one out of 10 globally. According to the 2013 Norton report, the annual loss due to cybercrimes in India stood at $ 4 bn.

Obviously, we need to better protect our infrastructure, networks, devices, information and people especially considering that India is undertaking visionary programs like ‘Digital India’ to transform lives of its 1.26 bn people.

The Lessons

So, what can and should one do to stay safe and secure? Cyber security is about managing risk, whether at the individual level or organizational level, or for that matter, at country level. It starts with assessing the risks, developing a plan and implementing the same with continuous review mechanism. Majority of the cyber attacks can be mitigated through basic cyber hygiene just like basic hygiene and vaccination can mitigate most of the common diseases.

The basics entail securing every computer and communication device (mobile is a computer, legally and technically); using strong passwords and different passwords for different services; second factor authentication and end-to-end encryption; using genuine, licensed and updated software (pirated stuff is often a conduit for malware); using data loss prevention techniques (not all data has equal value). Last but not the least, information security is about people, process and technology with people as often the weakest link in the chain!

So, take charge of your own security and privacy and share only what you must rather than what all you can. After all, it is fairly easy to build a rich profile of someone just by piecing together discrete information spread across social networking sites.

The Parting Thought

Robin Cook has been writing thrilling novels around medicine and healthcare for the past four decades and Arthur Hailey was a master in imparting much more than ‘101’ of a particular industry in each of his novel. While not comparable to a book by either of those two master storytellers, ‘Breach’ is a bold attempt in coalescing those two genres by interlacing information security and drug discovery in a gripping and fast-paced story.

The old adage “Better Safe Than Sorry” still holds true!

The author is head of government affairs with Symantec; views are personal.