Data Breaches and the Necessity of Top Tier Security

Top Tier Security Importance

In just a few years, information technology has quickly evolved into an indispensable and central part of our lives. Both personally and business-wise, those few who don’t rely on technology are either so far outside of civilizations that access is impossible or believed by the rest of us to be perplexingly eccentric. But just as these tools and services so integral to our lives have developed, so too has the dark side of technology progressed.

In February this year, hackers attempted to steal $951 million from the Bangladesh Central Bank; though the majority of the transactions were prevented, $81 million was lost to the Philippines and authorities have yet to track the responsible parties. But hackers aren’t interested only in financial gain. According to the Identity Theft Resource Centre (ITRC), 2015 saw 781 tracked data breaches in the US, the second highest record since the ITRC began tracking in 2005. Says Eva Velasquez, President and CEO of ITRC, “While the overwhelmingly prevalent motive for data breaches remains financial gain for the thieves, we saw a shift in new motives for obtaining sensitive and private personal data this year.”

Data Breach Incidents

Top 2015 breach type

The ITRC 2015 Breach List points to the business sector for nearly 40% of the reported breaches, followed by the healthcare sector at 35.5%, and the financial sector at 9.1%. Some of the famed breaches of 2015 include the CareFirst BlueCross BlueShield breach which pointed to vulnerabilities of the healthcare industry, the cyber attack of password management company LastPass compromising email addresses and password reminders, and the violation of health insurer Anthem which exposed 80 million patient and employee records. Though maintaining an extensive database which captures and categorizes US data breaches, the ITRC notes that their reported numbers are probably well below the actual due to many organizations preferring to keep security infringements private, fearing a backlash from investors and other potentially impacted parties.

The Risks & Implications

 

According to Gartner, by 2017 the average IT organization will spend 30% of its budget on security, risk, and compliance. Further, Gartner predicts that 2020 will see the existence of a black market exceeding $5 billion selling video data and fake sensors, and security costs addressing IoT security will increase to 20% of annual security budgets from only 1% in 2015. Says Ted Friedman, VP and analyst at Gartner, “The IoT has enormous potential to collect continuous data about our environment. The integrity of this data will be important in making personal and business decisions, from medical diagnoses to environmental protection, from commands to modify actions of machinery to identification and authorization of physical access. A black market for fake or corrupted sensor and video data will mean that data can be compromised or substituted with inaccurate or deliberately manipulated data.”

MIRACL, a key player in the internet cyber security space, is attempting to address Vulnerabilities via a new partnership with NTT. CEO Brian Spector discussed the necessity of security with CloudTweaks and states, “The systems, hardware, and methods of security that store personal or operational data (in the case of IoT/connected devices) are all vulnerable if conventional methods are used (digital certificates can be spoofed, username/password databases can be hacked). The best way to prevent a username/password breach is not to store usernames or passwords on a server. And the best way to prevent digital certificates from being spoofed is not to use them to authenticate your site to a user.”

Announced today, Apache Milagro (incubating) is an open source distributed cryptographic platform for cloud computing providing security beyond a single point of trust with distributed key pairings. Says Spector, “What Apache Milagro (incubating) offers is a better way to establish a secure web. No shared secrets. No user ID or passwords needed or stored (eliminating the single largest point of compromise). The M-Pin Protocol is a zero-knowledge authentication protocol meaning that the client can prove to the server that they are in possession of the original secret without having to transmit it to the server.

Undoubtedly, our security protocols need to develop as fast as, if not faster, than the services we already benefit from; implementing the best security solutions for your organization is crucial.

By Jennifer Klostermann

Dan Teichman
Cloud-Native Communications Historically, Communication Service Providers (CSPs) networks ran on purpose-built hardware. However, in the early 2000s organizations started to update their infrastructure, moving to virtualization. Now, providers are looking to take the next step, ...
Dmitry Chekalin
How Much Should a Modern Website Cost? A website is a valuable instrument for growing your business. Your website presents your brand to users. Also, it compels your prospects to become your customers. So, how ...
Martin Mendelsohn
The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
James Corbishly
Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...
Episode 16: Bigger is not always better: the benefits of working with smaller cloud providers
The benefits of working with smaller cloud providers A conversation with Ryan Pollock, VP Product Marketing and Developer Relationships for Vultr.com - Everyone knows who the big players are in the cloud business. But sometimes, ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.