From Checkbox to Checkmate: Protecting Critical Data With Multifactor Encryption

By Dimitri Nemirovsky, Atakama Co-founder, and COO

Data breach headlines arrive fast and furious, with examples aplenty. The constant assault on companies is well known – the attack surface continues to expand, and sophisticated attacks are becoming more common. So, when state and independent actors continuously change and increase their attack capabilities, why do security professionals maintain the status quo and remain content with “check-box” security measures?

Exfiltration attacks are especially concerning. When sensitive data is stolen, there is no putting the genie back in the bottle, no matter how high the ransom payment is or how many times the ransom is paid. Once the data is exposed, it’s out in the wild forever. This is no exaggeration, as we’ve seen numerous breaches that resulted in exfiltrated data, including Nvidia, RR Donnelly, and Medibank. Attackers make a living on this premise, which is precisely why they have evolved their tactics from encrypting files to flat-out stealing them; it’s a more lucrative endeavor, and the pain they exert on companies is far more debilitating.

These incidents remind us that no matter how significant the resources are devoted to perimeter security, organizations must accept that threat actors will eventually overcome the barriers and access the sensitive information they’re after. With this unfortunate truth in mind, reliance on perimeter security solutions alone to safeguard critical data in the face of a data breach is no longer sufficient. In fact, it hasn’t been sufficient for quite some time.

In no particular order, attacks such as malware, phishing, man-in-the-middle, zero-day exploits, credential stuffing, password spraying, etc., and of course, human error, will ultimately lead to a successful breach of the perimeter. While perimeter security is of utmost importance, protecting sensitive data within the perimeter, whether on-prem or in the cloud, is equally important. Companies don’t want to see their own, or even worse, their customers’ data exposed online or on the dark web. And traditional check-the-box encryption solutions can’t help prevent file exfiltration attacks. This is because it’s not how traditional solutions were designed or intended to be used. When the perimeter is breached, the adversary has likely tricked the system into believing the attacker is an authorized user. As a result, the very systems in the ‘secure’ environment are now working against you, giving the attacker wholesale access to everything the authorized user has been permissioned to access. Indeed, most encryption solutions are rendered useless when the perimeter has been breached. The proper way to prevent data exfiltration is to maintain encryption of data at rest even when authorized users are logged in.

Conventional encryption solutions, such as those entirely reliant on user credentials, including central key servers, are truly nothing more than ‘checkbox solutions’ that suffer from single points of attack and failure. When an encryption key server is breached, criminal adversaries gain free rein to steal, ransom, and augment sensitive files. 

Is your organization keeping pace?

Today’s perilous cyber landscape highlights the importance of encryption for organizations. But businesses only give themselves a facade of protection by clinging to conventional encryption solutions. For many, the cost of doing so will only, and unfortunately, become apparent following a successful attack. The countless headlines are proof positive that the status quo will eventually lead to devastating results. So why tempt fate when proper checkmate solutions exist?

While conventional encryption solutions can serve as a precautionary baseline measure, they’re not without their shortcomings. These legacy encryption tools provide only the weakest protection against an attack, as they rely on user credentials for decryption. As soon as the user authenticates, everything is effectively decrypted, enabling the user to interact freely with the user’s files.

The solution is file-level, granular encryption that is wholly decoupled from other authentication processes yet doesn’t pose a barrier to usability.

Multifactor encryption

Multifactor encryption is a relatively new approach that makes it impractical for an unauthorized user to attempt to open an encrypted file. Unlike conventional encryption solutions that rely on pre-existing user authentication systems or bulk-encrypt with a single key, a multifactor approach disconnects authentication from encryption. Through the use of AES with 256-bit keys, each file can be encrypted with its own unique key. The key can then be split into pieces, with the pieces distributed and saved to physical devices. Enabling a Distributed Key Management System (DKM) can also increase file-level security. Without traditional passwords and central points of failure and attack, protected files cannot be hacked or compromised without being authenticated to multiple physical and trusted devices acting as key shard holders. It is as if each file is uniquely password-encrypted but without the use of passwords.

The DKM architecture offers additional benefits other checkbox solutions don’t: flexible deployment and configurations that can accommodate almost any use case and workflow. Whether the files are on-prem or in the cloud, whether users are at the office or work from home, these solutions can be deployed anywhere. Moreover, security can be throttled to allow seamless file access with minimal user friction, adding user involvement for the most sensitive files.

Multifactor encryption has redefined the encryption landscape by delivering unrivaled data protection. A decentralized approach to cryptographic key management protects organizations from data exfiltration, especially when identity and rules-based access controls fail. As a result, multifactor encryption allows for the highest levels of data security without sacrificing business performance and productivity. The concept is simple, but the approach completely changes how data is protected – checkmate attackers!

Dimitri Nemirovsky holds BBA and MBA degrees from Baruch College and earned his JD from Brooklyn Law School. Prior to co-founding Atakama, Dimitri spent 15 years as an attorney, most recently practicing regulatory and enforcement law at Bingham McCutchen where he represented large financial institutions in high-stakes matters. Dimitri began his career at Merrill Lynch.
