third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Detailed section » 6 Grip on information<br />
[53: UvA 2012][14: Google 2012][23: MS 2012-2]<br />
information more easily and quickly.<br />
Despite the fact that the risks are not sufficiently clear, the ‘migration<br />
to the cloud’ continues unabated.<br />
Social media<br />
A digital society without social media such as Twitter and Facebook<br />
is now inconceivable. Governments, companies and citizens are<br />
increasingly prepared to use this medium to share information with<br />
the rest of the world. [169] This unstoppable trend also entails threats,<br />
[39: Ordina 2011]<br />
such as:<br />
»»<br />
Sensitive information is (accidentally) made public.<br />
»»<br />
Information is abused during social engineering attacks.<br />
»»<br />
Information and individuals are linked to each other, which may<br />
leave potentially unwanted connections visible.<br />
»»<br />
Disclosure of information allowing passwords to be obtained.<br />
For example, through the use of social media, business details,<br />
research results or customer information can be leaked, sensitive<br />
information about staff can be disclosed or the organisation may<br />
be presented inaccurately or negatively. As a result, the organisation<br />
may suffer (reputational or financial) harm or become more<br />
vulnerable to cyber attackers. Furthermore, social media can<br />
undermine individuals’ security (sabotage and blackmail).<br />
Facebook receives 2.7 billion clicks every day, [170] unveiling much<br />
(personal) information without this being noticed. Apparently<br />
innocent information can in combination reveal a detailed picture<br />
[42: PNAS 2013]<br />
of users.<br />
Users’ individual characteristics and preferences provide malicious<br />
attackers with information about potential victims. For example the<br />
recently introduced ‘graph search’ [171][172] functionality on Facebook<br />
offers malicious attackers an (easy) way of gathering information<br />
about potential victims.<br />
Social media companies changing the privacy terms and standard<br />
settings of their network sites are a further risk to privacy or may<br />
breach privacy guidelines. [173][174][175]<br />
6.4 Risks resulting from declining grip on information<br />
execution or ensure that sufficient safeguards are provided with<br />
respect to these security measures. [177]<br />
In its review of 2012, the Dutch Data Protection Authority (CBP)<br />
noted that the government is increasingly collating and linking<br />
personal details. [2: CBP 2013] Given that in many cases citizens are<br />
obliged to hand over personal details to the government, it is<br />
essential that citizens can be confident that these details are<br />
handled carefully, in accordance with the Dutch Data Protection<br />
Act. However in practice it appears that the government – spurred<br />
on by technological developments combined with the desire to be<br />
efficient and achieve customer satisfaction – is increasingly linking<br />
personal data from different databases to then use this data for<br />
completely different purposes than those for which they were<br />
originally collated. Our digital data is also constantly being used and<br />
[8: Tokmetzis 2012]<br />
processed by other parties in risk and customer profiles.<br />
Power of information of the major players on the internet<br />
The major players in the field of social media, search engines and<br />
web shops have access to an unimaginable volume of data from<br />
which they can distil all sorts of profiles. These players are increasingly<br />
starting to commercialise this data. Providers such as Google<br />
and Facebook are increasingly linking more services to a single<br />
experience and position themselves as the personal access portal<br />
to the internet. A survey carried out by the Rathenau Instituut<br />
reveals that as internet users, we not only lose control over our<br />
personal data. Far more importantly, we also lose control over our<br />
supply of information. [178]<br />
Privacy monitor concerns include combining personal data<br />
obtained on various (online) services [179] ,gathering data on internet<br />
users’ surfing behaviour [180] and the permanence of data on the<br />
internet (de-Googling).<br />
One example is that our searches are being influenced [181] and<br />
increasingly personal. [41: Olsthoorn 2010] They are supplemented on<br />
the basis of search terms entered previously, internet behaviour and<br />
the location the search is performed from. As a result, everyone gets<br />
»<br />
Privacy risks<br />
The details of the average citizen in the <strong>Netherlands</strong> appear in<br />
hundreds if not thousands of files in both the public and the private<br />
sector. [176] We are concerned about our privacy: the Electronic Patient<br />
Dossier (EPD), the public transport chip card, the central database<br />
of fingerprints, camera surveillance all around, the monitoring and<br />
tapping by the investigation services of internet and telephone<br />
traffic, etc. Everyone needs to be able to trust that their personal<br />
details are sufficiently secured against theft, loss and misuse of<br />
personal details, such as identity fraud. Companies and governments<br />
that process personal details must secure these details in<br />
accordance with the Dutch Data Protection Act (Wbp) and put in<br />
place appropriate technical and organisational measures for<br />
169 http://royal.pingdom.com/2013/01/16/internet-2012-in-numbers/<br />
170 http://royal.pingdom.com/2013/01/16/internet-2012-in-numbers/<br />
171 http://newsroom.fb.com/News/562/Introducing-Graph-Search-Beta<br />
172 In the <strong>Netherlands</strong>, Facebook will offer this functionality under the name ‘Search in Facebook<br />
sociogram’.<br />
173 http://www.cbpweb.nl/Pages/pb_20121016-privacyvoorwaarden-google-in-strijd-met-eurichtlijn.aspx<br />
174 http://www.cbpweb.nl/Pages/med_20100513_facebook.aspx<br />
175 LinkedIn: Ads enhanced by the power of your network.<br />
176 http://www.cbpweb.nl/Pages/rap_2009_onze_digitale_schaduw.aspx<br />
177 http://www.cbpweb.nl/Pages/pb_20130219_richtsnoeren-beveiliging-persoonsgegevens.aspx<br />
178 http://www.rathenau.nl/actueel/nieuws/nieuwsberichten/2012/03/online-keuzevrijheidconsument-beter-waarborgen.html<br />
179 http://www.cbpweb.nl/Pages/pb_20121016-privacyvoorwaarden-google-in-strijd-met-eurichtlijn.aspx<br />
180 http://www.cbpweb.nl/Pages/med_20121005-volgen-surfgedrag-internet.aspx<br />
181 Vara: Google-bubble: You are what you search, http://kassa.vara.nl/tv/afspeelpagina/<br />
fragment/google-bubble-wat-je-zoekt-ben-je-zelf/speel/1/<br />
77