The year 2022 witnessed a surge in data breaches, leaving individuals and organisations reeling from the damage inflicted by cybercriminals. According to IBM’s “Cost of a Data Breach 2022” report, the average cost of a data breach reached $4.35m in 2022, marking a 2.6% increase from the previous year, when it amounted to $4.25m.
Over three quarters (83%) of organisations – not just banks – reported more than one data breach in 2022, while 60% said breaches led to increases in prices passed onto customers.
For that reason, GlobalData forecasts the global cybersecurity market will be worth $334bn by 2030, growing at a CAGR of 10% between 2022 and 2030. Software-based cybersecurity products will be the largest market segment, accounting for 44% of total revenue in 2030, with services contributing 39%.
Shoring up defences against data breaches can be challenging when current tech stacks cannot do the job, says Saswata Basu, CEO & founder of Züs.
His company uses private sharing technology to ensure complete privacy and security by dividing files into fragments, which are encrypted and then distributed among multiple storage providers.
Q: What are common vulnerabilities in the banking sector, and how do cybercriminals exploit that from your knowledge?
There are a couple of ways to exploit the sector. First, the user data is not encrypted, so certain individuals can see the data. People working for a bank, let’s say, could see the data because it’s not encrypted, and the user does not own it.
Breaches often occur due to human error. For example, suppose someone falls for a phishing email and clicks on a link. In that case, they may inadvertently download a code that can extract information from their computer or allow unauthorised access.
The other option is an employee accessing an account with a vulnerable ID or password.
Q: How do you assess the impact of data breaches on banks and other financial institutions?
Lawsuits, especially civil lawsuits, could result in financial consequences. However, the greater harm is the damage to the bank’s reputation due to the data breach. This can lead to a loss of trust among customers, causing them to switch to other banks.
Generally, it’s not good for the long-term brand image if there’s a breach and you’re the trusted bank locally or nationally.
When it comes to technology, banks usually respond promptly to address any breaches. However, they are currently unable to do so with their existing technology. They may need to adopt new technology since the traditional data storage architecture is in one place and offers no encryption. And even where server-side encryption exists, it can be compromised.
Q: You’ve mentioned lack of encryption as one of the reasons behind data breaches. What can banks do more specifically to combat data breaches and protect customers?
I mean, there isn’t a good solution out there. Which is something that we are working on. Once we have the solution, then banks and other financial institutions can use it.
It essentially consists of giving control of the data to the user. The user owns the data, so even if the breach happens at the server location, the data is not out there in the open and can only happen to one person. Therefore, fraudsters can only hack one victim, but the data breach cannot affect others.
Ownership and data encryption – the user should encrypt and privately share the data with the bank. Let’s say I am a bank customer – I would encrypt my data and then share it with the bank so that they can use it for their processing purpose or KYC or what have you.
That is the model we envisage – the new model that we are doing. If you look at our Vult app, which is a data storage app (similar to Dropbox or Google Drive or OneDrive), it gives the user ownership and control of data, and the user then decides whether to encrypt or not. If they encrypt it, they can share the data, whether it’s with the bank or anyone else. That way, you are preventing the hacker from breaching the central database of a bank, and if they do that, they only see encrypted data.
We also fragment the data. One thing is to fragment the data into pieces so that even if you hack one server, you cannot get all of the data, and that’s how you do it – we do not replicate or make copies.
Data erasure is a technology different from replication, where you copy the data. Copies are vulnerable because you identify the weakest link and try to get that copy from a data breach.
Q: And you’re the founder and CEO of Züs and have been working in the field of data privacy for a long time. How receptive are companies at the moment to your solution?
I think they would definitely want to have a privacy solution – if you look at, let’s say, Apple, that’s what their brand is. But how do you get to that level? It’s not easy to have that structure built into the organisation, and it’s difficult to do that. You need to have discipline because you’re protecting a centralised server that can be easily hacked.
If you replicate data – which most companies do – you must also protect them in those places. It’s difficult, and there are no solutions today.
Once we have the solution, we will see whether they are willing to adopt it. Because of our technology, we make it simple for people to adopt them without having too many structures in place.
Q: When thinking about the crypto world, many crypto platforms have become the subject of massive heists lately, with hundreds of millions of dollars stolen in crypto coins. Do losses and recovery differ in the crypto world? Can the crypto world adopt solutions that banks and other institutions should consider?
There are two types of protections. One is for protecting coins – that is your assets. Then you have protection for data assets. You can encrypt data assets if you want or stripe the data across servers so that only a piece of data can be hacked. It’s hard to hack all pieces of data because you have to reach all servers. Let’s say I have the data in 15 servers – you cannot hack all fifteen; you can hack only one or the weakest one.
And in terms of currencies, we use split-key technology, which is a serverless technology. It splits the private key into two parts, and you keep one part on your phone and the other on your laptop. The transaction can only go through if the two keys are combined to form the original key.
So if a hacker were to hack your phone and get the private key of that phone, it wouldn’t work. That’s something we do without using Ledger or a hardware key like Ledger. Those are the measures of protection we employ in the crypto world.
So that’s something we are awaiting and hopefully can become the standard in the future. We talked to several companies, and they are excited to have that kind of technology instead of hardware technology.
Q: What do you think is needed to face future challenges?
The way to protect against data breaches is complete data ownership.
The way our tech works is the user who owns the data encrypts the data, and then generates a proxy key for the recipient of the data. So if you’re the bank and your public key is well known, then you basically can send that information to the bank by using the public key and not trust anyone with that public information.