Can the Cambridge Analytica scandal be a cybersecurity-related case study?

Can the Cambridge Analytica scandal be a cybersecurity-related case study?

Business and tech writer Paul Matthews takes a look at the Cambridge Analytica data scandal, and its cybersecurity implications.

In 2018, the entire world was shocked by the Cambridge Analytica scandal. A matter so important, it actually was discussed in GDPR, resulting in having its own section on big data regulation (especially its acquisition process). In 2019, the Cambridge Analytica still comes up in a variety of sectors, including cybersecurity. Let's analyse the matter in more detail.

Why data acquisition was regulated

In order to understand why data acquisition can be considered from a cybersecurity perspective, we must analyse why it was covered in the original GDPR legislation.

As many may know, during the Cambridge Analytica scandal, a lot of data points were bought from Facebook, which led many users to think about the fact that their data was secretly harvested and gathered without any form of transparency from Zuckerberg's company. Data acquisition, gathering and storing has been regulated for this very reason: in fact, in 2019, it is mandatory to explain whether or not that very data is being collected by any form of software/application.

Why can this be considered from a cybersecurity perspective?

Since 2017, big data has definitely been a topic which many (both programmers and business figures) have covered. The way tools and applications are acquiring data points has become so big (especially in the advertising sector) that many have decided to move towards this process exclusively.

Companies, to reference, which were building big data-related tools have decided to start fresh with architectures which were building audiences on data points, which opened so many windows in terms of hacking (whether if soft or hard). With this in mind, the need for some sort of software which could have controlled and secured this matter (we must keep in mind that data points are connected to an individual device, therefore, to potential delicate information.)

In practice

Although relatively difficult to understand, the regulation of data acquisition and its subsequent storing has impacted a vast variety of businesses worldwide, mainly the ones who were heavily relying on data tailoring for advertising purposes. Digital marketing practices like re-targeting based on data points are still extremely popular in big enterprises like Amazon, Apple and Walmart.

The power of data-driven digital marketing strategies has delivered an extremely positive RoI to those companies, especially before the Cambridge Analytica scandal when (as mentioned above) the acquisition of data points wasn't regulated in any form.

How to cyber-secure big data in 2019

From a security perspective, it's important to understand the fact that in order to regulate big data and its acquisition (whether if via cookies or any other channel) there must be some variable rules within the Python scripts which are normally used for acquisition.

As many of you may know, Python is the programming language which operates numbers and variables which, when combined, create the numerical script known as "data point". Having precise limitations within the code will lead to a far more regulated acquisition and storage of such numerical points, especially when passively gathered (cookies).

Although still in its embryonic form, data science and cybersecurity are definitely working together now. After the Cambridge Analytica scandal, the usage of far more regulated libraries and Python tools for data acquisition has definitely become mandatory for big companies (and small ones, eventually).

GDPR has thoroughly impacted the overall data science sector and its regulation, given the strictness of such legislation, has put a breaking point in regards to the evolution of data science as a whole.

What we can expect in the nearest future is the evolution of this very subject towards even more strict laws, given the fact that many Python libraries have been "surpassing" those blocks which were included within GDPR.