Daren_Glenister_8 - Copy

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7

If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a rock. The leak unveiled new, yet unsurprising, classified material from the CIA; allegedly sharing information on the U.S. agency’s hacking tools. While individuals are concerned about these CIA tactics and whom they might be spying on, enterprises should be also be paying close attention.

The Good News: Encryption Remains a Staple in Cybersecurity

Despite all the hacking tools and malware at the CIA’s disposal, they were unable to read encrypted content from messaging services such as WhatsApp. While you may be surprised to discover the CIA struggled to read protected information, this is great news for enterprises using encryption to protect sensitive data from unsanctioned access. The CIA isn’t the only federal agency struggling to crack encryption codes. The FBI famously went to court last year to access records from an iPhone when investigating the San Bernardino shooting. Clearly, encryption presents challenges for those trying to gain access to data, and if our federal agencies are having trouble, that means hackers are struggling, too.

The Bad News: Devices are Top Security Targets

(Image Source: Shodan)

In the face of these hurdles, the CIA has also gone to great lengths to obtain information by other means – investing a lot of time into figuring out how to physically compromise data itself. Consequently, they’ve developed tools and mechanisms to access operating systems and devices. This poses an entirely new concern to enterprises trying to keep their information safe from malicious hackers.

Our society produces huge amounts of data that are constantly transmitted from device to device. Today, content and information is shared on phones, tablets, PCs, USBs, Smart TVs, and IoT devices – the list goes on and on, and it’s not going to get any shorter as we become a more connected world. You may think anti-virus tools or security software will keep your information safe, but even those resources can be shut down and used against an enterprise.

So, what’s a company to do? Is your data destined to be sucked into a hacker void? Well, no. But it does mean enterprises need to keep track of a lot more.

Tips for the Ugly Side of Enterprise Security

For enterprises conducting business across geographic boundaries, it’s important IT security teams keep tabs on the total number of devices being used, especially as users change habits and new vulnerabilities emerge. Data, more often than not, is confiscated by users losing their devices, and by weak and/or stolen passwords. Since employees typically reuse passwords, there is even more risk when a password is lost, as hackers take advantage of reusability and enter the same password to gain access to even more critical systems.

But what does security in a mobile and cloud-first world look like? If the WikiLeaks story showed us anything, it’s that enterprises need an information security strategy across devices, on-premises and in cloud networks. Enterprises can achieve this by:

  • Seeking tools that provide end-to-end encryption;
  • Ensuring mobile security through a secure container on each user’s device that is independent of its native OS security;
  • Protecting data that is on the move, especially as it is transfers across geographic boundaries or between business partners;
  • Providing secure, user-friendly tools that hackers won’t find a work-around and put company data at risk; and
  • Setting permissions so only the right users can access and share company information.

Reconciling the Good, Bad, and the Ugly

Although the WikiLeaks Vault 7 data dump didn’t reveal many revelations as to whom the CIA is spying on and how they’re doing it, it did provide some valuable lessons for enterprises. Despite having a slew of resources at their disposal, the CIA couldn’t crack WhatsApp encryption codes.

While this is great news, it also means hackers will follow the examples of the CIA and are turning to other attack methods by targeting devices and operating systems, which means enterprises need to employ the right tools and strategies to keep information safe. While the task is daunting, it’s not impossible. Keeping up with new attack methods and implementing a successful multi-layer security strategy, especially in the cloud, will be key as tools and user habits change in the years to come.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

View Website


Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security Don’t count on cloud providers to provide all your UCaaS security It’s official: Unified Communications-as-a-Service (UCaaS) has ...
Advances in Technology and Consumer Behaviour are Driving Transformation

Advances in Technology and Consumer Behaviour are Driving Transformation

Technology and Consumer Behaviour Advances in technology and consumer behaviour are driving a transformation in the way video content is ...
IT Service Management Strategy

Automation and the IT Service Management Strategy

IT Service Management Strategy It’s true. The full potential of automation cannot be fully realized until it is informed and ...
Secure Business Agility

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or ...
Salesforce Gets Serious About Its Security Ecosystem

Salesforce Gets Serious About Its Security Ecosystem

Security Ecosystem Salesforce is one of the fastest growing enterprise software companies in history and while security is a major ...


Where's Zuck? Facebook CEO silent as data harvesting scandal unfolds

Where’s Zuck? Facebook CEO silent as data harvesting scandal unfolds

Amid calls for investigation and a #DeleteFacebook campaign, company releases an official statement but its figurehead keeps quiet The chief executive of Facebook, Mark Zuckerberg, has remained silent over the more than 48 hours since ...
Lydia launches Lydia Premium

Lydia launches Lydia Premium

French startup Lydia announces two new things today. First, the company is launching a financial hub with multiple new products. Second, Lydia is announcing a new premium subscription to access those new features. “Today, we’re lucky enough to have ...
Demand for Augmented Reality/Virtual Reality Headsets Expected to Rebound in 2018, Says IDC

Demand for Augmented Reality/Virtual Reality Headsets Expected to Rebound in 2018, Says IDC

FRAMINGHAM, Mass., March 19, 2018 – Worldwide shipments for augmented reality (AR) and virtual reality (VR) headsets will grow to 68.9 million units in 2022 with a five-year compound annual growth rate (CAGR) of 52.5%, according ...
Uber said to be negotiating sale of self-driving tech to Toyota

Uber said to be negotiating sale of self-driving tech to Toyota

Uber  might begin selling its autonomous driving systems to outside companies, including major automakers, according to a new report from Japan’s Nikkei. The report claims that Uber has had talks with Toyota regarding supplying the automaker with ...
EU lawmakers to investigate alleged misuse of Facebook users' data

EU lawmakers to investigate alleged misuse of Facebook users’ data

BRUSSELS (Reuters) - EU lawmakers will investigate whether the data of more than 50 million Facebook users has been misused, the head of European Parliament said on Monday. Antonio Tajani urged the social media giant ...
Europe's New Privacy Law Will Change The Web

Europe’s New Privacy Law Will Change The Web

CONSUMERS HAVE LONG wondered just what Google and Facebook know about them, and who else can access their personal data. But internet giants have little incentive to give straight answers — even to simple questions ...