Almost every day, a fresh batch of attack incident and breach reports detailing the latest victims of hacking, fraud, incompetence, espionage and apathy seems to dominate tech news.
The total number of attacks and the accumulated volume of affected data are staggering, and 2018 has been no exception.
So far, this year’s round of scammers has been the most prolific, making 2018 an especially bad year for breaches. In late July, accumulated compromised record totals were estimated at around 4.5 billion. Only seven months into 2018, the running tally had nearly doubled the 2.5 billion annual total for all of 2017. By October, that tally had surpassed 5.7 billion records without slowing down.
Below is a summary and comparison of a few larger breach examples from the last couple of years:
|Xbox and PSP
|Deep Root Analytics
|Kansas Dept of Commerce
|South Africa (Jigsaw Holdings)
It may seem like attackers have been working around the clock to innovate and invent novel methods and tools to help them keep their advantage and realize such unprecedented success … but that’s simply, and somewhat confusingly, not the case. Not many ‘new’ means for accessing and stealing data have been devised (or discovered) in recent years, and many believe that’s at least partially because hackers and scammers don’t really seem to need them.
As the total number of attacks and compromised record counts steadily increase, users are and will continue to be the same human beings, with the same predictable vulnerabilities that have been taken advantage of and exploited for years. Rather than waste time and effort developing something new, most perpetrators can just keep using greater and greater volumes of the same old tricks and tools to successfully predict, leverage, or manipulate enough human users to make it worth their while.
The largest and most damaging breaches are not happening at under-prepared small to midsize businesses, but at much larger firms and organizations with substantial funds and resources invested in their data security posture. Even so, it’s almost comical that outdated “We’re safe … they can’t get us” attitudes persist in spite of the billions of records being stolen annually, and the trillions of dollars (not including fines, penalties, and lost revenue) that continue being spent in trying to avoid or defend against attack.
We’ve all heard the broken record before: “no one is safe, and the question is not IF you will be breached, but WHEN you will be breached - assuming, of course, it hasn’t happened already.” For skilled attackers, traditional security is more of a nuisance than a barrier, and it’s become abundantly clear that until they encounter something they haven’t seen before, it makes no difference how much money is spent, how much effort is put out, or how sincere and passionate that effort may be.
The hackers and scammers already know how to defeat outdated and old-fashioned perimeter-focused tools, and such tools can do nothing to stop the onslaught of breaches, so if the standard, sub-standard approach is no longer working … perhaps it’s time to try something new.
What if, once they were inside a network or resource, the attackers had nothing to steal? Created to achieve exactly that goal, DataStealth is a fresh tool in the ongoing battle against data thieves. After deployment, DataStealth appliances affect data such that only authorized users and use cases can make any sense of it. Period.
If the perimeter defenses surrounding a DataStealth-protected resource are breached, any stolen “information” would be useless, worthless, and computationally infeasible for anyone else to decipher or understand. Like breaking into a bank vault that’s either empty or full of concrete, DataStealth goes far beyond mere encryption to nullify inadequate security measures and ensure that assailants and thieves simply cannot steal something that is not there.
DataStealth inspects network traffic, identifies candidate data according to predefined protection policies, extracts said data in real time, and replaces it with a ‘smart’ placeholder value. The real information can be injected back into a data stream later, but only for authorized users and for authorized use cases.
The DataStealth solution combines privacy, regulatory, compliance and other standards or requirements with a suite of tokenization, de-identification, and encryption options. Data protection policies are flexible, easily configurable, and apply to any and all data passing through a DataStealth appliance.
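The extract-and-replace flow described above, shown as an added Python example that is not DataStealth's code or API. The policy (16-digit card numbers that pass a Luhn check), the `TokenVault` class, the role names and the sample payload are all assumptions made for illustration.

```python
import re
import secrets

# Assumed policy: protect 16-digit payment card numbers that pass a Luhn check.
PAN_RE = re.compile(r"\b\d{16}\b")

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical in-memory vault; a real one would be a hardened, audited store."""
    def __init__(self, authorized_roles):
        self._authorized = set(authorized_roles)
        self._by_token, self._by_value = {}, {}

    def _new_token(self, pan: str) -> str:
        # Random placeholder that keeps the last four digits for display, is
        # unique, and deliberately fails Luhn so it can never be a valid card.
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(12)) + pan[-4:]
            if not luhn_ok(token) and token not in self._by_token:
                return token

    def protect(self, text: str) -> str:
        def swap(match):
            pan = match.group(0)
            if not luhn_ok(pan):
                return pan                  # outside the policy: leave untouched
            if pan not in self._by_value:   # same input always maps to same token
                token = self._new_token(pan)
                self._by_value[pan], self._by_token[token] = token, pan
            return self._by_value[pan]
        return PAN_RE.sub(swap, text)

    def reveal(self, text: str, role: str) -> str:
        if role not in self._authorized:
            return text                     # unauthorized callers only see placeholders
        return PAN_RE.sub(lambda m: self._by_token.get(m.group(0), m.group(0)), text)

# Constructed sample payload: one valid test card number, one non-card 16-digit ref.
SAMPLE = "order=1001 card=4111111111111111 ref=1234567890123456"
```

Because the token is random rather than derived from the card number, a copy of the protected stream reveals nothing without the vault, which then becomes the asset whose access control and storage matter most.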