Data protection is a complex challenge, and it demands attention at every level of an organization. PKWARE's in-house experts are here to help you stay up to date on best practices, emerging trends, and new resources for enterprise data security.
Cybersecurity isn’t the easiest thing in the world to visualize. Since we don’t actually see information as it travels across networks or is written to disks, it can be difficult to picture exactly what needs to happen in order to keep data safe.
So just for fun, we’re going to do a bit of time travel to see what today’s data protection concepts would look like if they were applied to paper files instead of digital ones. We don’t need to go back too far—40 years will do the trick—to arrive at a time when the vast majority of information was still being created and stored on paper.
Imagine, if you will, that it’s 1978. Most large companies are already using computers to perform certain tasks, and early adopters are beginning to buy personal computers like the TRS-80 and Apple II. The majority of workers, however, still do their work on paper, and that’s what you’ll be doing today after your $1.75 taxi ride to the company headquarters.
In the life of every important technology, there’s a tipping point—a moment when the technology ceases to be a niche product or an emerging concept and becomes a part of everyday life. For mobile phones, to choose an obvious example, that moment came almost twenty years ago. For cloud computing, it was perhaps five years ago. For encryption, it’s happening now.
We've seen plenty of massive data breaches in recent years—thefts that involve the personal info of hundreds of millions of people and cost the affected companies hundreds of millions of dollars. So far, however, we seem not to have learned our lesson. Cybersecurity continues to take a back seat to dozens of other issues in corporate boardrooms, in legislative chambers, and in the media.
It's time to ask the obvious question: how much worse do things need to get before our attitudes change?
The rising epidemic of data breaches, the evolution of internal and external cyber threats, and increasingly demanding privacy regulations have put pressure on companies around the world to become more proactive about protecting sensitive information against loss, theft, and misuse.
For many organizations, a proactive approach to information security means establishing data governance policies and creating an operational framework for encryption. Strong data encryption is the best way to secure data while allowing the right people to access it, and has become a must-have component of information security in the eyes of consumers, government regulators, and corporate boards. But encryption alone is rarely a complete solution.
It's easy to say that our society needs better cybersecurity. The daily barrage of cyber attacks against companies, government agencies, and individuals has made that clear enough.
The hard part is finding a path forward—developing a strategy that involves the right stakeholders, addresses the right threats, and strikes the right balance between privacy and security. It seems that for every step we take toward better security, we take a step back as politicians, law enforcement officials, and corporate leaders continue to pursue conflicting agendas.
What happens when someone sees a USB drive lying on the sidewalk? About half of the time, as multiple experiments have demonstrated, the person will pick up the drive, take it home, and plug it into his or her computer.
What happens next depends on what’s on the drive. If it contains identifying information, the finder might return it to its rightful owner. If it contains malware, it might kick off a widespread cybersecurity crisis. If it contains a few gigabytes of classified airport security information, including patrol timetables and maps of the security facilities used by foreign dignitaries, it becomes one of the most embarrassing security breaches of the year.
Two months after it first disclosed the theft of 145 million consumers' personal information, Equifax is still finding ways to make the story worse.
In the latest round of congressional hearings, Richard Smith, Equifax's former CEO, confirmed that the lack of encryption on the stolen data was not caused by an error or oversight, but by a conscious decision not to encrypt. That decision seems questionable, to say the least, given that the people whose data Equifax lost had essentially no say in whether their information was part of the database to begin with.
As perplexing as Richard Smith's testimony may have been, it was the company's new interim CEO, Paulino do Rego Barros Jr., who provided the day's most difficult-to-believe sound bite.
The world got a glimpse of the future in December 2015, when hackers—presumably Russian—shut down a Ukrainian power station, leaving hundreds of thousands of people without electricity.
Although numerous reports had documented the vulnerability of power grids to cyber threats, the Ukraine breach was the first large-scale demonstration of the havoc a hostile organization can create with an attack on public infrastructure. In this case, power was restored after a few hours with relatively little lasting damage. The next time, things may be much worse.