Feedback
Tech

Data Security Goes Mainstream After High-Profile Hacks

Image: A server room at a Facebook data center.

A server room at a Facebook data center. JONATHAN NACKSTRAND / AFP - Getty Images, file

Personal online data is hacked or harvested for marketing purposes every day -- and public perception is finally changing after incidents like the celebrity photo iCloud incident and massive Target data breach, cybersecurity experts say.

Companies are trying to tap into that newfound public awareness with privacy-focused tools. But the concerns about data are complex, and solutions are elusive because personal information gleaned from how, when, and where people use the Internet is more valuable to marketers than ever before.

"I go to parties now and I feel like a C.P.A. at tax time," said Jason Glassberg, co-founder of consulting firm Casaba Security. "People have had things happen to them personally, so average Joes are starting to wonder: Where is all my data going?"

Security experts weren't fielding questions about data privacy from regular folks at the supermarket two years ago, Glassberg and other security experts told NBC News in interviews. But the stream of headlines involving major companies means the general public is beginning to grasp the importance -- and the complexity -- of personal online data and how it's used.

Hospitals using credit card data to track patients 0:21

'Everything is interconnected'

"The Target breach might not go down as the biggest, but it crystallized how pervasive the problem is," Glassberg said. "Hackers got in by attacking an HVAC vendor that Target used. Everything is interconnected, and the public is beginning to see that now."

According to a Harris Poll of 2,000 American adults that was released Monday, more than four out of five people feel their personal information on the Web is less private now than it was one year ago.

And about three-quarters of the people polled said Internet companies know too much about them. Mozilla, the non-profit maker of the Firefox web browser, commissioned the Harris Poll in part to mark its 10th anniversary.

Mozilla also announced a few privacy-focused tools for the Firefox browser on Monday, including a new "Forget" button that will delete browsing and download history, cookies and other traces of online activity in a single click.

"All of these browsers offer you the tools, but only if you're willing to dig deeply into advanced settings menus," Firefox vice president Johnathan Nightingale said. "Simplicity's really hard. But if it's not a solution that's simple to understand and use, it isn't a solution."

The general public has been aware of and concerned about malicious attacks for some time, Nightingale pointed out. But companies' use of personal data for advertising purposes is intentionally confusing, he said, and it's quickly become an even larger concern for some of Mozilla's users.

"People are starting to understand that if you let your data get away from you, you can't put that genie back in the bottle," Nightingale said.

A Day in the Life of Data 3:26

'It feels intrusive'

But it's not always clear when our data "gets away" from us, and it's harder still to stop it from happening.

"There's a creepy factor, especially when it involves your medical history or personal habits," said Chester Wisniewski, a senior advisor at the security firm Sophos who writes for the company's Naked Security blog.

"When I'm on the computer it feels like a private experience," he said. "And if I suddenly start seeing banner ads for cigars following me around the Internet, it feels intrusive. I might wonder if my insurance company knows I smoke them sometimes."

Mozilla's Monday announcement taps into that concern and frustration, as do the security-heavy marketing efforts from companies like Apple, which has stressed that its Apple Pay mobile payment service doesn't share card information with retailers.

"When you see regular companies marketing security as a differentiator, that’s how you know something has hit mainstream," said Glassberg, the Casaba Security co-founder.

Despite efforts from privacy-minded companies, however, the fact remains that personal data is worth billions to data aggregators and marketers, Glassberg said. As privacy tools roll out, marketers will simply circumvent them with new technology, he added.

The future of Big Data online

"Whenever you have this money as a driver, you're not going to get rid of an entire industry," Glassberg said. "But I would like to see some kind of general rules of engagement, a basic expectation that you know what you're giving up when you visit a site. I think we're heading in that direction."

Wisniewski suggested a certification program in which online companies could pay for privacy-focused advocacy groups -- likely working with for-profit firms -- to audit their use of personal data. Those who use it responsibly and are transparent could receive a seal or a letter grade that assures customers they're on the up-and-up.

No move will stop personal data from being hacked or harvested for marketing purposes, but both security researchers said it's an improvement that the average Internet user is becoming aware that that's the cost of doing our online business.

"The fact that you can go to 4.5 billion websites .... that's not for free," Wisniewski said.

Glassberg agreed.

"I think that’s on the cusp of becoming the next wave of public realization," he said. "Nobody's safe because everyone is out there."