The IT World is facing massive security breaches due to the lack of
good encryption practices. This has caused huge scandals at Target,
Adobe, Linkedin, and Snapchat to name a few. Sensitive data was
hackedraising questions on whether the data was encrypted or not. Even
if it the stolen data was encrypted, could data confidentially still be
at risk?The answer is YES. Data encryption should not be considered a
“Get out of Jail Free Card.” This has been greatly agreed upon based
off many data breach incidents.
Data encryption is not equivalent to secure data protection.
Data encryption is unable to provide the following data protection:
Encrypted Data Publication: The hacker can copy, publish, and
distribute the encrypted data to intended parties (e.g.,
WikiLeaks) or totally open the public, having very high risks.
On June 2016, Wikileaks released massive 88 GB encrypted
insurance files. Data encryption could not actually nullify the
damage caused by such data breaches, especially for the cases
of safety-critical data (e.g., national security data). Such a
conclusion can also be evidenced from the many healthcare data
breaches, e.g., Codman Square Health Center in Dorchester,
Mass., Keck Medicine in Los Angeles, part of University of
Southern California, World Anti-Doping Agency's database of
Olympians' medical record leakage, etc. Most healthcare data is
encrypted but they still can be breached.
Ransomware: Encrypted data is subject to Ransomware attacks
as if the data isn’t even encrypted. It is a type of malicious
attack to malevolently encrypt the datauntil an amount of money
is paid to the hackers. Since 2016, Ransomware has aggressively
increased, especially regarding business data. The current
anti-Ransomware efforts are stunted as the Ransomware itself
effectively acts as a security application. The total number of
the Ransomware attacks rose by 13% in September in 2016 alone,
said by Check Point cybersecurity researchers. Hollywood
Presbyterian Hospital paid $17,000 to ransom. The total cost of
damages could come to $1 billion in 2016 such that Ransomware
has been now one of the three most common malware threats.
Data Tamper/Destruction/Sabotage: RSA conference in 2016
noticed that the security industry has been primarily focused
on stopping information theft for years. Now, more and more
people in the trade are worried that the next wave of attacks
won’t steal data – they’ll sabotage it instead. Encrypted data
could be tampered with and even be totally destroyed. In the
earlier data breach incidents, the hackers steal the desirable
data from the system. But recent data breaches show that
hackers can modify or even destroy the data on the data system.
Data destruction could cause serious issues for a business when
the destroyed data is unrecoverable. Notable examples of data
destructionis thethe Sony Pictures Entertainment data breach on
November 24, 2014, and the Saudi Arabia data breach in 2016. In
these incidents, the hacker wiped a large amount of sensitive
data after stealing it. Data in three-quarters of the computers
and servers at the studio’s main operations were almost
destroyed. Recently, NSA (Mr. Iain Thomson) revealed that the
data tampering is the second of the top three IT nightmares.
Suppose the data has been subtly altered rather than stolen.
The consequences of this scenario could be severe, especially
in the IoT (Internet of Thing) in relation to the industry
safety (e.g., SCADA (Supervisory Control and Data Acquisition))
and national security.
Cryptographic Attacks: Further, the data encryption is subjected to cryptographic attacks by exploring the weakness of encryption. The encrypted password, credit card, or other encrypted PII (personal identity information) can be crashed in a few seconds, e.g., 6 seconds, by brute–force decryption attacks. There are many incidents (Linkedin – 200 million PII, Yahoo – 500 million PII, Dropbox, etc.) that occurred with PII disclosure. The Dropbox data breach incident occurred in 2012 and is confirmed in 2016, resulting in 68 million of PII leakage. This is due to the weakness of encryption protection of short PII data, e.g., 8-15 digitals of a password. Advanced computation systems are able to crash an encrypted file. The Penetrating Hard Targets project spends 79.7 million of research to crack RSA on the web. MIT’s Quantum Computers can crack most of the encryption.
Malware may steal/modify/delete (e.g., stealth attacks) encrypted files such that you are unable to recover them. The compromise of a storage device having the encrypted files will result in data loss and other risks. Data encryption is designed for protecting data confidentiality. It is unable to offer the following data protection capabilities:
Preventing encrypted data stolen, redistribution, and publication
Enabling robust capability to defending Ransomware attacks
Protecting encrypted data in the storage from being sabotaged
Preventing encrypted data from being crashed by brute-force or other cryptographic attacks, and
Offering reliable restoration/recovery from being tampered.
NXdrive is holistic solution for data storage and protection against data breaches. Different to saving a data as a file (even an encrypted file), NXdrive is fragment-based data storage that builds extra features over encryption to provide holistic data protection capabilities. Specifically, a file is saved as a number of fragments over different authorized places. It prevents external and internal data thieves (attacker reads the data), data loss (hacker deletes the data), and data tamper (hacker changes the data).
Figure 2: NXdrive adds data spatial properties for data protection that is hard to be explored by using a powerful computer.
NXdrive achieves fine-grained data security to prevent the data stolen and sabotage from potential cyber-attacks. NXdrive (www.NXdrive.com) is an online system to provide data protection:
Worry-free on data confidentiality: NXdrive provides leading capability of protecting your data confidentiality
Worry-free on data breach: NXdrive excels in defending against data breach which is one of the major cyber security threats of the online data storage.
Worry-free on privacy: NXdrive protects the data privacy, having the unique abilities to disable a number of semantic analyzing tools that targets for your data privacy.
Worry-free on data loss: NXdrive has robust self-generation capabilities that prevent the loss of any data pieces.
Worry-free on device compromise: Automated data protection prevents data disclosure or loss that could be caused by device loss or device failures.
Worry-free on data insiders: NXdrive prevents insiders by advanced features of distributed authentication and authorizations for data management.