Anonymous and safe: how to protect information from prying eyes

The future lies with technologies of information security, which at the same time provide proactive protection, backup, and authenticity of data

According to TechCrunch, 2016 was an extraordinary number of cyber attacks on business and government. We, as a company that deals with security of data, constantly see evidence of this. Recent example: February 22, was attacked sites of the government of Montenegro, as well as several public authorities of this country and the major local media. Not for the first time — only in 2016, such attacks were more than 200.

Actually this has been happening for quite a long time; you can easily think of many very high-profile cases in past years have stolen the group “Cyberberkut” letter billionaire George Soros, hacked email, Russian Deputy Prime Minister Arkady Dvorkovich, the leak of e-mail messages the then Secretary of state Hillary Clinton (the Pentagon, by the way, spends annually on information protection for more than $1.6 billion), etc. And that’s just what we learn from Newspapers and news resources, in reality it happens every day.

Hackers learn

These examples very clearly demonstrate the two most relevant trend in the world of information technology. First — the number and scale of data are constantly growing. I say including about personal information — photos, video, audio, and about corporate and government data. The pace of this growth are enormous — not less than 40% per year. It is not a secret that most of this information is stored in the cloud, it’s easy and effective. Sometimes it may be not interesting, other than their owners, family photos or presentations, but if we are talking about business or government, then we can talk on sensitive and even secret information. This is especially true, considering how many useful cloud services you receive for the business. In General, the amount of information grows, as well as its circulation, and the more sources, the more potential holes and the more ways to hack, steal, attack. Partly this was the reason two powerful trends: increasing the number and activity of cyber threats, increasing the advancement of the attackers.

Changed the very nature of cybercrime. If it had been the attack on the forehead, breaking into systems, but now it’s more penetration. There are corresponding advanced cyber threats. For example, such as ransomware program designed to extort that, once in the system, just a few minutes can block it. Penetration ransomware can be as crass and obvious, and very sophisticated. A simple example. Employees of companies and government agencies increasingly use personal mobile devices, and this opens up additional opportunities for cybercriminals.

I will describe only one embodiment of the penetration. As a rule, ordinary employees do not have access to the most sensitive data or the access is strictly on the job through the computer. But leading managers, since, roughly, with the heads of departments are often forced to work in the mode of “24/7”, they can’t disable access to, for example, financial documents after 19:00. Such people in the organization can be from a few dozen to a few hundred. They are all a potential target of hackers. Imagine how committed such a crime, it is easy: in the evening the man goes to the cafe he tied a conversation with a stranger. Enough for a few minutes to borrow the smartphone to enter into the database. Of course, a control system, no matter how smart she was, did not react to it is the authorized login of the owner, and not hacking.

However, this method of penetration is already outdated. Ransomware can harm much easier. The person receives the letter, looking at first sight like an email from a colleague. A lot of people comes across and opens it: most often it is regular spam, but with the same success it could be ransomware, which in minutes will paralyze not just computer media, but also the entire system in which it is located. To you not think that this is a contrived situation, here is a real case in the beginning of February, hackers around and blocked the information systems of several public services in Ohio. Among them was the 911. A very dangerous situation.

Triple protection

Whether really to deal with it? Difficult. Due to advanced cyber threats traditional antivirus is not very effective: malware may “slip” between updates. Backups also do not always have time to save important data. That is why proactive protection is perhaps the most winning tactic. One of the most promising technologies blockchain. If very to simplify, it is a storage technology that is protected by a unique mathematical rules so that no one can possess except their owner. In addition, the blockchain solves another problem — the problem of reliability of the data remain unchanged. Until recently it was impossible to be sure that, say, financial accounts or filing hospital was not modified over time because of oversight or because of cyber attacks — it doesn’t matter. The blockchain makes sure that the data is authentic and has not been changed. As a result, today there is not a single major developer who would offer a solution that combines all three functions — proactive data protection, backup and its authenticity. In this Trinity we see the future.

I am sure that the vast recognition of the blockchain — a matter of time. Recently, the court in Arizona acknowledged for the first time the entry in the blockchain as legitimate to the proceedings before the court. Given the precedent of American law, this is very important news and we can expect that in the near future this practice will be applied in other States, and then, most likely, and in other countries.

Of course, technology of information protection will grow (although as technology attacks), and if you speculate a bit about the near future, I think we will come to what data will be stored in an encrypted, anonymous, depersonalized form. Access to them will be nothing to give an attacker, because even to understand what blocks belong to a particular person or company would be impossible. Navigation information will be in other systems beyond the control of the storage system. The keys to deciphering will also be a separate system. And so on — to “sort” the keys and codes will be in the maximum (n) number of systems forming a long chain, and breaking one of them will give nothing to the malefactor: open need all that in reality is almost impossible.

This is just one of the possible concepts — perhaps we will see some others. In any case, ordinary people, and the organizations and States they are necessary. The authors of ransomware are very sophisticated and often quicker than the anti-virus. So, one of the last found malware Spora offline and attacks only certain “interesting” files. It’s funny that the author offers discounts and deferred to those victims that will leave a positive feedback about Spora, thereby advertising program. And apparently, he succeeded.

We hope that the business will take the threat seriously and will be able to protect their data, which today more than ever are at risk. After all threatened even the most powerful of the company: not long ago, the Chairman of the Board of Sberbank Stanislav Kuznetsov admitted that this year the organization was twice subject to attacks of cyber criminals.

The authors ‘ point of view, articles which are published in the section “Opinions” may not coincide with ideas of editorial.

Be the first to comment

Leave a Reply