Boston: The recent HBO data breach, in which hackers leaked internal emails along with a wealth of valuable network documents, is just the most recent chapter in the worldwide story of high-profile cyber security breaches. When considered alongside recent cyber security attacks impacting millions of customers of Verizon, Yahoo and Dow Jones, the HBO case, in which the hackers are demanding a ransom for materials that include the draft scripts for upcoming episodes of the wildly popular series Game of Thrones, has raised a massive red flag for businesses of all sizes: passwords are obsolete and even dangerous. And for that matter, so are current encryption methods that make it possible to access emails as they travel or reside on the server, and bring an entire enterprise down. Winter is coming, indeed!
“Businesses are in a cyber security crisis, which directly impacts their viability,” said Randy Battat, CEO, PreVeil. “IT managers and the C-suite may not realize that the likelihood of their server being compromised at some point is akin to death and taxes! For airtight protection, businesses should turn to end-to-end encryption, the ‘gold standard’ method, which protects user data even when the server is breached.”
Currently, the two most widely applied email encryption processes are encryption in transit and encryption at rest, both of which leave enterprise servers vulnerable, whether in the data center or the cloud. End-to-end encryption, in contrast, covers data on its journey from start to finish; messages and attachments are encrypted directly on the sender’s device and are decrypted on the recipient’s device. This means that only the sender and recipient can read them; the server cannot, and anyone hacking the server sees just “gibberish.”
Then there is the question of passwords. Hackers often rely on users’ bad habits: for 39% of Americans, most of the passwords they use to access multiple online accounts are the same or very similar.1 This means thieves can rely on already-stolen login information to attempt to breach additional accounts. The lesson: passwords are an inherently flawed way to protect important data. It is much better to rely on extremely strong cryptographic keys stored locally on user devices, rather than easily guessed passwords, to facilitate user access to encrypted information in the cloud.
The HBO hackers were able to obtain administrator passwords for the company’s internal network, which brings up an additional vulnerability: most systems have the concept of a “super-user” or “administrator” who can access all information in the system. It is preferable to have trust that is not centralized, but rather, distributed amongst a set of administrators or users. This avoids centralized points that can become targets for attackers. No one person within an enterprise – whether they’re hacked from the outside, or are themselves an insider threat – can bring the entire business down.
PreVeil, which provides next-generation email, file-sharing, and storage systems, is helping enterprises to take advantage of this decentralized approach and protect their business communications with end-to-end encryption. In addition, because even the most thorough encryption method is useless when it isn’t used, PreVeil is taking the longstanding “mystery” out of encryption for all knowledge workers, who can send secure emails as easily as regular emails. There is no special email or domain required, so users are identified by their regular email address.