Protection against hacking
15 Mar, 2021 11 min read
You will be hacked
Every organisation has IT security gaps, and staff actions and human error are the most likely start of the chain of events leading to data theft. It’s simply not possible to block all breaches.
Data is make or break
Data is at the centre of an organisation’s ability to operate, grow and prosper. Losing control over data can result in fines, legal action, brand damage, and even going out of business.
Data will be stolen. Deal with it.
The sooner we can accept that data will be stolen the better. In this article I’m going to shed light on the routes used by cybercriminals to break into an organisation, and show how by using SecureData technology your data can be rendered useless when it is stolen.
Why will my organisation be hacked and how can file-level encryption help?
The truth is, even organisations that you would expect to be highly secure can be, and have been, breached – FireEye for one. CEO Kevin Mandia of FireEye said that ‘[The hackers] used a novel combination of techniques not witnessed by us or our partners in the past’.
Another successful breach was at Malwarebytes. The attack used an intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.
FireEye, who helped in this investigation, released a whitepaper detailing remediation and hardening strategies, which customers can download. Their Mandiant threat detection unit has also released an auditing script, Azure AD Investigator. CrowdStrike, too, released a tool to help companies identify and mitigate risks in Azure Active Directory.
These auditing scripts are great, but these new measures still only remediate this and similar kinds of attack. And here’s the point – there will always be a clever cybercriminal, an undiscovered or unpatched vulnerability or a human mistake that will break through your defences. That’s why file-level encryption is critical. With file-level encryption it doesn’t matter that the data is taken: it’s useless.
Remember, the cybercriminal also doesn’t need to be an outsider – many successful data breaches are deliberate acts by employees.
File-level encryption protects compromised user or service accounts
Here’s another truth: legitimate users or service accounts are often scapegoats, since an apparent ‘insider’ already has access to information. The cybercriminal could compromise the user account using phishing, password guessing or social engineering. The data thief could also simply be that insider.
Case in point: the auditor at Morrisons had legitimate access to personnel records. Using this access he stole payroll information and leaked it to journalists.
If the SecureAge Security Suite had been installed, the auditor would have found that the file he created (stole) containing staff details would have been encrypted and therefore useless. He could have seen the data in the file while at work but would not have been able to decrypt it outside of work.
Encrypting ‘sensitive’ data isn’t effective
A common technique is to identify sensitive data, then place it in secure data stores where information is encrypted. This is good, but leaving aside the significant problem of accurately defining, identifying and segregating this most sensitive data, one major pitfall with this concept is that humans are involved, and humans do what’s most convenient rather than what’s expected from an IT security point of view.
For example, the massive 2017 data breach at Equifax involved the hackers stumbling across a plain text file that contained usernames and passwords. It would certainly have been against security policy to even write this information down, let alone store it on a server, but people do unexpected things like this.
Another problem with the ‘security silo’ approach can be seen in ransomware attacks that target specific senior executives, which are becoming more prevalent. Once the cybercriminal has gained system access, they look for information that will cause maximum embarrassment for the target. This could be corporate – like legal action against the company – or personal. Either way, the information tends to be held locally and not in the security silos established by the IT department. I wonder what information was on Nancy Pelosi’s laptop that was stolen in Washington’s Capitol riots?
The SecureAge Security Suite silently encrypts all files at source and maintains encryption no matter where data is moved or how it is used. It doesn’t matter where the data is stored, and there are no choices to be made: everything is protected using authenticated encryption, and the human element is removed. To find out how our encryption technology works, visit SecureData.
Full-disk encryption doesn’t protect all data
Full disk encryption does indeed encrypt everything. However, a lesser-known fact is that once booted, the operating system will hand over decrypted data to any user or process that requests it – no questions asked. Full disk encryption is great for protecting data on a laptop lost on the train, but it is of no help in terms of security on a live system.
And what happens when you copy data out of an encrypted disk, or some other security silo? It is no longer encrypted and can be taken anywhere, completely unprotected.
With the SecureAge Security Suite, files remain encrypted all the time, even when in use. Only a user with the correct key, the appropriate authority and access to the encryption engine is able to access data. This means that data, once stolen, is useless.
Security software vulnerabilities and misconfiguration
We need to accept that software will always have bugs and security vulnerabilities, and humans will always make mistakes.
The United Nations recently left credentials exposed to the internet, enabling access to several databases and the downloading of sensitive information. And in the previous year, the UN suffered a cyberattack and data loss stemming from a Microsoft SharePoint vulnerability which was patched some months earlier, though the UN failed to apply the patch.
Sure, Data Loss Prevention (DLP) stops data moving in ways that contravene a policy you set out, but typically that policy is designed to identify sensitive information and prevent it from leaving the organisation, thereby blocking data theft.
Like any policy, this one is based on previous experience and on speculation as to how data could be withdrawn. What if an employee works out how to evade the DLP checks? What if the policy rules miss some information which later turns out to be important to the organisation, or perhaps damaging if made public? Even the most seemingly safe information, when publicised by a cybercriminal, could harm a brand, resulting in reputational damage and customer loss.
By ensuring that all data remains encrypted all the time, the SecureAge Security Suite deals with the reality of software, system and human vulnerabilities. It doesn’t do this by attempting to stop the problem, but instead by accepting it and then ensuring that any data that is stolen is useless to the thief.
Remember, it’s also not necessarily the case that you’re able to control the cause of the security breach. SolarWinds, the IT infrastructure management software company, was in the unfortunate position of having their software deliverables injected with malware, which in turn was installed by their customers.
With the ecosystem of cyber threat intelligence deployed by this company – User and Entity Behaviour Analytics, Data Loss Prevention and Security Information and Event Management tools and services, to name but a few – it could be assumed that data breaches and theft would be spotted. But it seems that hackers first breached SolarWinds in 2019, and to this day their affected customers are still unsure of the extent of data loss and remaining malware in their networks.
A Zero Trust architecture may not limit the scope of any breach
An increasingly common approach to IT security is the implementation of Zero Trust architectures. This is not a product, more a way of thinking when it comes to deploying existing security technologies.
Zero Trust assumes that nothing on the ‘inside’ can be trusted implicitly. Each and every asset – like endpoints, applications and data stores – has a defined protection surface that acts as a security shield. To get through this shield, a transaction must conform to a policy that enforces legal transaction flows and authentication requirements.
It looks good on the surface, but the problem with most Zero Trust implementations is that they don’t take the concept far enough. These businesses end up with a network that has many ring-fences, each with their own controls. However, the data inside the fences is not secured, so anyone who manages to get inside will have free rein over the information stored there.
Accept it: Your data WILL be stolen
Rather than trying to anticipate and fill all the security gaps, I encourage you to accept that you will get hacked and accept that data will be stolen. Once you reach this point it becomes obvious that data needs inherent protection so that when stolen it is useless to the thief.
Data that has authentication and security built right into it does not rely on any strong container to protect it. That’s why the SecureAge approach is to focus on inherent protection of data, preventing the loss of information without changing user behaviour or impacting applications.
The SecureAge Security Suite: one-stop complete protection
The SecureAge Security Suite provides the final layer of technology which ensures that data remains protected in use, when copied anywhere and even when stolen. By building both authentication and security inherently into each file, stolen data is rendered useless to the cybercriminal – even if the data thief is internal.
Built to balance security with ease of use, the SecureAge Security Suite silently encrypts all data files without the user being aware of the process. By eliminating user choice from security actions, we strongly enforce information protection while making no impact on the way people work. And by securing all data files in all locations, the SecureAge Security Suite accommodates human nature – even when people’s choices are in contravention of corporate policy.
Here’s a summary of my six favourite features of the SecureAge Security Suite:
1. Per-user file-level encryption
The SecureAge Security Suite uses PKI-based file-level encryption to protect information. Each file is encrypted with a unique key that itself can be unlocked only by its owner and any other users who are authorised to share the file. Users have their own keys that are used to authenticate against each file.
2. Universal file encryption
The SecureAge Security Suite encrypts all files at the source and maintains encryption no matter where data is moved or how it is used. It doesn’t matter where the data is stored, and there are no user choices to be made: everything is inherently protected using authenticated encryption, and the human element is eliminated.
3. Complete transparency
Removing the human element means that universal file encryption must be completely invisible to both users and applications. Operating at the file system level, the SecureAge Security Suite does not interfere with users or the way they work. All encryption and decryption happens completely behind the scenes, supporting the way people work while providing strong security for all applications both current and legacy.
4. Authorisation is built into the data: Authenticated encryption
To ensure that only authorised users may access data no matter where it is stored or copied, the authority to decrypt must be an inherent part of the file. Each file is encrypted for its owner and any authorised sharers. Even privileged users cannot decrypt data because they do not have the right keys, though they can still do their job unhindered – for example, moving files and restoring backups.
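The model described in features 1 and 4 can be sketched in code: a fresh key per file, that key wrapped for the owner and each authorised sharer, and an authenticated cipher on the body so that tampering is detected. This is an added illustration written in Go against the standard library, not SecureAge's own code; the on-disk layout, the AES-256-GCM body cipher and RSA-OAEP key wrapping are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// EncryptedFile is a hypothetical layout for the model in the feature list: the body
// is sealed under a fresh per-file AES-256-GCM key, and that key is wrapped once per
// authorised user (owner and sharers) with the user's RSA public key.
type EncryptedFile struct {
	Nonce       []byte
	Ciphertext  []byte            // AES-GCM output with authentication tag appended
	WrappedKeys map[string][]byte // user name -> RSA-OAEP-wrapped file key
}

// newGCM builds AES-256-GCM. Callers pass exactly 32 bytes, so neither constructor can fail.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal encrypts plaintext for every user in users; anyone not listed gets no wrapped key.
func Seal(plaintext []byte, users map[string]*rsa.PublicKey) (*EncryptedFile, error) {
	buf := make([]byte, 32+12) // 32-byte file key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fileKey, nonce := buf[:32], buf[32:]
	ef := &EncryptedFile{Nonce: nonce, WrappedKeys: map[string][]byte{}}
	ef.Ciphertext = newGCM(fileKey).Seal(nil, nonce, plaintext, nil)
	for name, pub := range users {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
		if err != nil {
			return nil, err
		}
		ef.WrappedKeys[name] = wrapped
	}
	return ef, nil
}

// Open recovers the plaintext for one user. It fails when the user has no wrapped key
// (not authorised, however privileged) or when the body was tampered with.
func Open(ef *EncryptedFile, user string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := ef.WrappedKeys[user]
	if !ok {
		return nil, errors.New("not authorised: no wrapped key for " + user)
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil || len(fileKey) != 32 {
		return nil, errors.New("key unwrap failed")
	}
	return newGCM(fileKey).Open(nil, ef.Nonce, ef.Ciphertext, nil) // GCM tag check rejects tampering
}
```

An administrator who can copy or back up the file holds no wrapped key, so Open fails for them exactly as it does for an outsider; a single flipped bit in the body fails the GCM tag check rather than yielding corrupted plaintext.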
5. Centrally managed encryption engine
The SecureAge Security Suite uses a PKI-based encryption engine that executes at the endpoint and is managed by a central service. That means only the organisation’s authorised machines are able to run the encryption engine. As a result, any files copied outside the organisation are useless since they cannot then be decrypted – even by a member of staff who can view the data when at work.
6. Compensates for human error
There will always be security gaps and people will always make mistakes. But by using the SecureAge Security Suite to encrypt data at source, with both data security and authentication forming an inherent part of each data file, a security breach and consequent data theft no longer need to result in unauthorised exposure of information.
I would love to talk to you more about the SecureAge Security Suite and show you how easy it is. Book a demo to find out how we can help you keep your data safe even when the cybercriminal is already inside your network.