Thales Blog

Time To Encrypt And Protect - When Data Can Defend Itself

March 8, 2016

Let’s start out with a story. The world was once enormously different. But then we moved digital. The problem? We blinked and data became the new currency. If it wasn’t personal information, then it was financial data or intellectual property, or in a recent sequence of events, data on children – it all has value, and that means we must vigorously protect that data. To do that, we must understand the whole story around our sensitive information.

Another day, another hack and in light of recent breaches, I wanted to recap a few that stood out:

  • uKnowKids.com: The online database company selling parental monitoring tools required no authorization to access its database. The site contained over 6.8 million text messages and nearly 2 million images, belonging to 1,700 child profiles. Profiles included full names, email addresses, dates of birth, GPS coordinates, social media logins and other information. Here is a quote from one of their executives:

“With respect to customer data, no financial information or unencrypted password credentials were vulnerable. However, names, communications, and URL data was exposed for about 0.5% of the kids that uKnowKids has helped parents protect online and on the mobile phone,” Steven Woda, co-founder and CEO of uKnow wrote.

This leaves me with one very critical question – why leave data exposed?

  • Nissan Leaf: Nissan disabled an app that allowed owners of its electric Leaf car to control heating and cooling. Why, you ask? A security researcher used those same controls to access other cars. Turns out, the NissanConnect EV app enabled a remote hacker to access individuals’ temperature controls and review their driving record (all that information was brought to you by knowing a car’s vehicle identification number). While there are a number of issues with this vulnerability – the major problem is that before the researcher published a blog post on the vulnerability, he reported it to Nissan and contacted the company multiple times. Umm – hello Nissan, it’s me, urgency!
  • Hollywood Presbyterian Medical Center: A Los Angeles hospital paid $17,000 to cyber attackers who encrypted their files, requesting a payment for the data. The hospital agreed to pay the ransom in the interest of finding the quickest and most efficient way to access data. Systems were restored 10 days after malware locked access to its database. In this scenario, the ransomware victim had two options, pay the ransom or permanently lose access to files. The better option? Don’t allow data to be up for ransom in the first place.

While one breach seems to be melting into another, breaches have taken a turn for the worse. Let’s face it – when it comes to cybersecurity we shouldn’t run into security deja vu:

  • UC Berkeley: UC Berkeley revealed in late February that 80,000 current and former faculty, staff, students and vendors were compromised in a cyberattack. If the UC Berkeley news is causing you some deja vu, that’s because numerous higher education institutions (from Harvard to Penn State) were hit with breaches last year. And UC Berkeley revealed a breach last April that involved unauthorized access to a Web server maintained by the school. They also disclosed a separate breach in late 2014 involving servers and databases.

The breach landscape is rough, which is why we decided to personify security solutions and some of the ways to prevent malicious attacks.

Labeled as The Data Defense League, we developed 5 characters that are instrumental to protecting data in ‘Datatropolis’. In Datatropolis, billions of transactions occur in an info-hungry world. Clearly every citizen, business and government agency is at risk. So what would data look like if it could defend itself?


Encrypto: The power of transparent encryption – you won’t lose it because hackers can’t use it

Hackenator: A true developer’s hero, now you can hide data in plain sight and remove databases from compliance audit scope

Cyphera: Rest assured – the clouds are safe ahead

Cognito: Working with your friendly neighborhood security solutions, he identifies malicious insider threats

Dr. Shielding: The brains and leader of The Data Defense League

These five data heroes guard against data attacks – this is what data looks like when it can defend itself. You can check out The Data Defense League here: Vormetric.com/datatropolis

While we realize security is so much more than characters, in the world of security there will be many triumphs to come.

So what’s the synopsis at the end of the comic? Big or small, cutting-edge cybersecurity solutions are out there. Individuals rely on researchers and solutions to uncover vulnerabilities in systems. But this story is about individuals who place their trust in companies. These companies need to step up, take action and learn from past mistakes. This whole ‘another day, another hack’ mantra must end, and while The Data Defense League can’t exactly save the day in real life, I hope that what they stand for can. Don’t worry, this story and breach landscape is not over but instead ‘will be continued.’

Check out The Data Defense League in action here: https://www.youtube.com/watch?v=kx76nbS-IuM