Comment: How to Fight Back against Cybercriminals

A data-centric approach to security can help level the playing field between security departments and cybercriminals
A data-centric approach to security can help level the playing field between security departments and cybercriminals
Jason Hart, SafeNet
Jason Hart, SafeNet

If you believe the newspaper headlines, it’s as though organizations are fighting a losing battle when it comes to cybercrime. Huge data breaches seem to occur on a daily basis, with major companies like Amazon and Apple under attack.

Although their motives may be different, a hacker’s ultimate goal is to gain access to sensitive data, and they will exploit the weakest link within an organization’s security perimeter to achieve this. Organizations need to recognize this to ensure they have the optimum level of security in place to protect sensitive information, as a hacker will do everything in their power to try and steal it.

If we look back at significant attacks in the past, such as the SQL Slammer in 2003, it’s clear that hacktivist attacks have become much more sophisticated. Back then the cybercriminals behind this virus sought infamy, wanting to garner as much attention as they could through infecting as many machines as possible. To fight back against this, and future attacks, IT security professionals implemented breach prevention infrastructures. Unfortunately, nowadays there is a lot more for security departments to do in tackling the next generation of organized cybercriminals, who are no longer driven simply by the desire for notoriety.

Many security departments seem to be holding onto the past when it comes to strategy. Since SQL Slammer, security budgets have been focused on breach prevention, rather than securing the actual data that organizations are trying so hard to protect. CIOs/CISOs need to recognize that if a cybercriminal’s aim is to steal data, then they will find one way or another to do so. By continuing to invest in keeping new threat vectors at bay, at the cost of keeping cybercriminals out of networks, CIOs are failing to keep up to speed with changes in the security landscape and exposing their data to potential theft.

Constantly playing keep-up with cybercriminals will never be an effective security strategy – the hacker will win every time. Instead, CIOs must realize there will always be a weakest link for the hacker to exploit, and it’s fair to assume they may have already infiltrated the network. Embracing this way of thinking will help change the way management approach security and look instead at protecting the data itself. Accepting the inevitability of a breach but still having control over the data – and the security practices in place that protect the data – is the premise of the ‘secure breach’. This means that when, not if, the hackers do get to your data, it becomes worthless in their hands.

Implementing a secure breach strategy involves three key steps. The first involves identifying and then understanding who your adversaries are. Primarily these are sophisticated cybercriminals whose intention it is to break down security defenses and who want specific data from which they can make a profit. This can range from credit card numbers to bank account details to intellectual property.

Second, once organizations have recognized the sophisticated level at which their adversaries are operating, they can focus on encrypting the data under attack. Protecting the data itself leaves it useless when compromised. Although the hacker may be able to break through security defenses and steal this data, all they will find is scrambled information, rendering the theft pointless.

Finally, the third step is to make sure the keys to unlock the data are secured in hardware away from the data. Many organizations have vast quantities of data in silos across their infrastructure. This can sit in storage, backups, applications, file servers and databases. Managing and keeping track of all the encryption keys across these silos can cause a massive headache for organizations if not implemented correctly. Having an effective security key management strategy in place allows encryption keys to be centrally managed and will only allow authorized individuals access to sensitive data.

One of the most common mistakes that organizations make is storing the security keys in the same data center or on the same cloud platform where their data resides. This can potentially expose sensitive information to significant security risks. If cybercriminals can access the data, then they can surely get hold of the security keys given that they have the same level of protection.

One way to avoid such misfortune is to apply stronger security measures to the storage of encryption keys. By keeping the keys in a hardware security module (HSM) away from the data, organizations will be able to ensure that no unauthorized users can gain access. Even if a hacker were to somehow gain physical access to a hardware security module, they are tamper-proof and the keys stored would be destroyed if the hacker tried to break it open. Therefore, integrating best-in-class key management technologies and processes into the corporate security strategy is one of the top ways to maintain full control of sensitive data, regardless of where it resides.

These simple steps will make a massive difference to an organization’s security strategy. By ensuring that high-value data is secure wherever it exists (physically, virtually or in the cloud) CIOs/CISOs can be confident their data is secured across any infrastructure. Because the data itself is encrypted and the security keys are adequately stored and managed, CIOs/CISOs will always be the ones in control of their data, regardless of the malicious intentions of cybercriminals.

With data breaches hitting the headlines on a daily basis, it’s obvious that existing data security strategies are not delivering satisfactory results. While trying to fight hackers on all fronts can be extremely costly, complicated and inefficient, shifting the focus to the data itself offers a promising solution to the problem. By encrypting all valuable data and applying tamper-proof and robust controls to the management of the security keys, CIOs/CISOs will be able to protect the most valuable assets of their business, while ensuring minimal damage in the event of a security breach.

This shift in the approach to security will be a crucial way to put a stop to the current data breach panic experienced by so many organizations. Embracing the concept of the secure breach will give some power back to security departments, effectively targeting today’s generation of cybercriminals and finally leveling the playing field.

SafeNet UK Ltd is exhibiting at Infosecurity Europe 2013, the No. 1 industry event in Europe held April 23–25, 2013, at Earl’s Court, London. The event provides an unrivaled free education program, exhibitors showcasing new and emerging technologies and offers practical and professional expertise. Visit the Infosecurity Europe website for further information.


As a former ethical hacker with 18 years of experience in the information security industry, Jason Hart has used his knowledge and expertise to create technologies that ensure organizations stay one step ahead of the risks presented by ongoing advances of cyber threats. He is currently VP Cloud Solutions at SafeNet, where he is responsible for developing the company’s authentication-as-a-service offering. Hart has published numerous articles and white papers, and continually appears on national TV, radio and in print media as an expert advisor on cybersecurity. In addition, he regularly provides advice on information security matters to governments, law enforcement and military agencies and is Vice Chairman for E-Crime Wales.

What’s hot on Infosecurity Magazine?