The world got a glimpse of the future in December 2015, when hackers—presumably Russian—shut down a Ukrainian power station, leaving hundreds of thousands of people without electricity.

Although numerous reports had documented the vulnerability of power grids to cyber threats, the Ukraine breach was the first large-scale demonstration of the havoc a hostile organization can create with an attack on public infrastructure. In this case, power was restored after a few hours with relatively little lasting damage. The next time, things may be much worse.

We’ve seen it in countless horror movies. The good guys, on the run from a homicidal maniac, barricade themselves inside a house. They booby-trap the yard, seal off the doors, and board up the windows, only to discover that the killer is already INSIDE THE HOUSE.

As familiar as the plotline might be in slasher films, it’s even more common in the world of cybersecurity. Organizations spend millions on firewalls, intrusion detection systems, and other perimeter defenses, only to find that their sensitive data is being compromised by their own employees and business partners.

Consider a typical AES encryption key: 256 binary digits, arranged into one of an unthinkably large number of possible combinations. You feel safe using that key, because you know that it would take every computer in the world, working nonstop for longer than the age of the universe, to produce that exact same combination of digits. Assuming you keep it protected, the only people who will ever know the key are the ones who are supposed to have it.

But have you ever stopped to wonder where exactly that combination of digits came from? The people trying to steal your data may be wondering the same thing.

Six months ago, the New York State Department of Financial Services formally adopted a set of cybersecurity requirements for banks, insurance companies, and other financial services companies that operate in New York. These requirements, commonly known as NYCRR 500, represent the first real cybersecurity law in the United States. After an initial 180-day transition period, several of the law's provisions are now in effect.

Even when you know you’re doing things right, it’s nice to get external validation, especially when it comes from experts in the field. That’s why we’re thrilled to report that PKWARE is listed three separate times in the latest Gartner Hype Cycle Reports for Threat-Facing Technologies.

The Gartner report, which focuses on technologies that protect enterprise IT infrastructure against advanced cybersecurity threats, lists PKWARE by name in three categories: format-preserving encryption, enterprise key management, and database encryption.

The last two years have been challenging ones for organizations that do business in the UK. Last spring, when the UK was still part of the EU, the European Parliament adopted the General Data Protection Regulation, marking a fundamental shift in Europe's rules for collecting and processing personal data. Just two months later, UK voters passed the Brexit referendum, leaving companies and individuals in confusion as to which data protection laws would apply.

Now, with the recently announced Data Protection Bill, the UK government is taking steps to define the country's post-Brexit approach to data protection. As expected, the new law will implement most of the GDPR's provisions regarding individual rights and corporate responsibilities. However, the UK will deviate from the GDPR in at least a few areas, potentially creating a second set of requirements for companies that operate both in the UK and on the continent.

These are exciting days at PKWARE.

On July 11, we launched Smartcrypt Data Discovery, one of our most significant product releases in recent history. With this enhancement, our already-unique Smartcrypt platform now lets customers take an entirely new approach to protecting their sensitive data.

Even as data breaches go, this one was ugly.

Deep Root Analytics, a data analysis firm hired by the Republican National Committee to profile voters during the 2016 presidential campaign, left sensitive information on nearly 200 million American citizens on an unsecured web server. The data—more than a terabyte in all—included potential voters’ home addresses, phone numbers, and birthdates, as well as details on their religious preferences and ethnic backgrounds. Anyone with the URL for the server could download the files without needing to enter so much as a password.
