Tag: data privacy

Is Blockchain Really as Secure as it Seems?

Posted on by Nicole Tidwell

For nearly a decade and a half, cryptocurrency and the blockchain technology that powers it have played an increasingly central role in cybersecurity and online privacy discussions. Bitcoin and other cryptocurrencies have been touted as truly anonymous ways of storing and spending money, and popular perception remains, which is that blockchain itself is “unhackable.” 

While the idea of digital currency or decentralized data is not a new one, functioning blockchains are still relatively new. The technology became viable in 2008 when a person (or group of people) using the name ‘Satoshi Nakamoto’ introduced the first digital currency that addressed decentralization’s past issues by creating the first viable blockchain. Since then, various applications for blockchain technology have been developed, mostly due to its inherently incorruptible nature. 

How Does the Blockchain Work? 

Sometimes referred to as distributed ledger technology, a blockchain is a type of online database that maintains records in the form of “blocks” of information that are cataloged in chronological order. This creates a “chain” of data blocks, each representing an event in the history of the complete system. Each time a new transaction is completed, a new block is added, continuing the ledger of information. 

Blockchains come in two primary forms, public and private. In public chains, users from anywhere can join, becoming a part of the chain of nodes, sending and receiving transfers of data and currency that are then included in the chain. On the other hand,  private chains only allow users that have been granted permission to access transaction data. Both private and public chains can also be “permissionless” or “permission restricted,” depending on whether or not users within the network have the ability to validate transactions or merely utilize the existing nodes. 

It’s worth noting that blockchain technology can be used to send, receive, and track where files are sent. However, the actual data within the blocks remain private. The data itself is only accessible to the user(s) with the correct digital ‘keys.’ The databases where information shared using a blockchain is stored still have the same features and vulnerabilities, regardless of how securely that data may be shared.

A Reputation for Inherent Security

As we mentioned earlier, a common perception among those who use any form of blockchain technology is that this type of system is impenetrable. Like conventional digital ledgers, the record of events is intended to be permanent, with each block becoming unchangeable once it’s accepted into the chain. However, unlike traditional systems, blockchain data is stored across multiple nodes hosted in different locations. The wider the web of nodes spreads, the more fail-safes the system has. 

The result is a theoretically corruption-proof system. In theory, if a secure node (or nodes) were to be compromised, the rest of the blockchain would recognize the discrepancies and prevent false information from being accepted. 

Blockchain’s Limitations

While all of this makes large blockchains fundamentally more reliable than single-source records, no system is completely immune to threats. The dangers to the blockchain can come from users within a network or outside of it. These dangers must be considered before you put all of your faith into a system on reputation alone. 

51% and Sybil-Type Attacks

While the record of shared information is protected by the wide variety of verification data centers in the system, malicious actors can target the network itself. The two most obvious threats to blockchain networks come in for form of “51%” attacks and “Sybil-Type” attacks. 

During 51% of attacks, hackers attempt to generate enough data verification nodes to outnumber the number of legitimate nodes. If a single party can gain control of more than half of a blockchain’s nodes (hence the name), the information they present will be seen by the system as the ‘real’ record, and the previously existing, legitimate chain will be overruled.

Additionally, 51% of these attacks are only practical in smaller networks. Major blockchains, like Bitcoin, are far too vast for any one group to take control. Additionally, these attacks can be mitigated using a permission-restricted system so only verified users can create new nodes. 

Sybil-type attacks, so-called after a book of the same title, refer to an attack by users who attempt to create an overwhelming number of false transactions with false identities. These attacks flood the chain with unreliable information and overwhelm the system. Sybil-type attacks share some similarities with other blockchain threats, but they are easier to create in public chains. These attacks can be prevented if there is a high cost to create new accounts to discourage users from creating enough to disrupt the chain. 

Compromised User Accounts and Routing Attacks

Like with many digital systems, the greatest vulnerabilities of all come from the human component. While correctly moderated blockchains may be extremely resistant to intervention, users in the system are always vulnerable to phishing, RAT attacks, and other social engineering scams that jeopardize credentials and digital keys. 

Due to the impact of human error, data shared via the blockchain can be verified as coming from a legitimate source; however, there’s no guarantee of safety once it has reached its destination. Crypto wallets, private databases, and more can all still be breached by inside or outside actors.

Cryptocurrency Exchange Trustworthiness

If sending money over blockchain, users need to familiarize themselves with the crypto exchange. Although many tout the safety and security of the blockchain, using cryptocurrency for transactions isn’t safe as what was once alluded to. With the recent collapse of FTX and loss of $2 billion in user funds, businesses and individuals alike could be at the mercy of how these private organizations are handling both data and money. 

Truly Secure Data with Sertainty 

Regardless of the enhanced legitimacy of decentralized ledger systems, data breaches remain a significant concern for any conventionally-protected network. Utilizing a public or private blockchain can be one part of your data protection strategy. However, to guarantee that network breaches don’t leave you vulnerable, you must ensure that your data files are truly secure. 

Rather than rely on a series of firewalls and trust that those with access are legitimately allowed to be there, Zero Trust security gives data the ability to protect itself. Following this methodology, Sertainty has redefined how information is protected to ensure data privacy even where firewalls fail. Using cutting-edge protocols and embedding intelligence directly into datasets, Sertainty leverages proprietary processes that enable data to govern, track, and defend itself. These protocols mean that even if systems are compromised, data remains secure. 

As the digital landscape evolves and networks become more widely accessible, Sertainty is committed to providing self-protecting data solutions that evolve and grow to defend sensitive data. Instead of focusing on your network’s inherent shortcomings, we enable our partners to safely and confidently embrace the potential of a new online-oriented world. Data breaches may be inevitable, but with Sertainty, privacy loss doesn’t have to be.

How “Bring Your Own Device” Policies Are Feeding the Rise of Mobile Threats

Posted on by Nicole Tidwell

Driven by the shift to remote and hybrid work models, more and more people are using their personal devices for work purposes. A vast majority of Americans own smartphones, and many use those phones to access internal company documents and databases. But while this may be a convenient habit, it also introduces complex security risks.

Sensitive data is at a greater risk than ever before, with high-profile breaches making headlines. Understanding the threats to workers’ personal IT assets is vital in today’s connected landscape. As the proliferation of devices opens up potential network vulnerabilities, innovative security has to stay one step ahead of evolving digital threats. 

The Shift to BYOD 

Over the last decade, companies have been moving toward “Bring Your Own Device” policies, encouraging employees to use their own devices for work tasks. The onset of COVID-19 and the subsequent shift towards remote working has only increased this trend. But why are employers so quick to embrace this approach?

In addition to lower equipment costs for companies, BYOD means that employees can spend less time training to use new systems and harness the increased productivity of more familiar devices. BYOD also involves less accountability for managing IT assets, which workers can take to and from home at will. But for all of the conveniences and seeming efficiency, adding unmonitored devices that may have varying levels of security measures presents numerous opportunities for data breaches. 

Growing Mobile Use Statistics

Mobile devices are more ubiquitous than ever before for both professional and personal use. According to Statista, more than 91% of the global population (7.26 billion people) owns a mobile phone. The agency also found that 83.4% of people own a smartphone. This is a considerable rise, up from just 49.4% in 2016. 

Now that the overwhelming majority of the world owns smartphones, people commonly use them for tasks that were previously relegated to desktops and laptops. An August 2022 study found that 41.6% of emails were opened on mobile, with desktop browser email accounting for only 16.2% of opened emails. With so much of our information being stored and exchanged on mobile devices, understanding the potential data risks is essential. 

Misconception: Mobile Operating Systems Are Less Vulnerable 

Contrary to what consumers may assume, mobile devices are no more secure than other computers. Recently, the United States Computer Emergency Readiness Team (US-CERT) issued a report highlighting the dangers present in mobile devices. The report cited the increase in threats specific to mobile phones and existing vulnerabilities in all operating systems. This report also points out that typical attacks leverage mobile devices’ portability and their similarities to PCs. The mistaken perception that mobile operating systems are fundamentally more protected is dangerous, allowing hackers to take advantage of users’ naivete to exploit holes in their device security.

The Rise in Attacks Targeting Mobile Platforms and Devices

Mobile devices have many unique features, some of which introduce unique vulnerabilities. As global smartphone users increase, so do cybersecurity dangers. Recent years have seen a number of growing threats to mobile users. Among these, one of the most prevalent threats is mobile app fraud. A prominent breach in 2020 saw hackers use a massive network of devices to drain millions of dollars from online bank accounts, and single emulators can spoof thousands of devices simultaneously. Cross-border fraud is another rising concern, with 60% of businesses in the US and UK reporting incidents of this fraud type in 2021. 

Account takeover (ATO) attacks present yet another serious data security threat. Countless data breaches have leaked user identity information over time, making it easy for malicious actors to steal credentials that open doors to sensitive information. ATO attacks are one of the fastest-rising threats currently facing organizations and consumers alike. 2021 saw a nearly 20% increase in data breaches compared to 2020. Combined with phishing, social engineering scams, and AI-assisted machine-learning hacks, compromised login credentials are creating deep concerns among data security experts. 

The Need for Truly Secure Data

Known threats are not the only danger. According to the Identity Theft Resource Center’s 2022 H1 report, approximately 40% of data breach notices issued in the first half of 2022 did not include the root cause of the compromise. The top cause of data breaches so far this year is “unknown” due to a lack of missing root cause identifiers. For the first time since the ITRC began tracking data breach causes, the majority are unknown. Patching all of the potential holes in a security perimeter is especially challenging when not all threats are easily identified. The only truly safe solution is data that protects itself at every stage and, crucially, when accessed through any gateway.

BYOD policies are opening your network to a multitude of devices, many of which you cannot track or control. And while basic security measures like employee training, firewalls, and multi-factor authentication are still essential, they lose their value as soon as a breach has occurred. That’s why it’s vital to partner these measures with self-governing data, which protects against perimeter breaches. 

Traditionally, organizational data has been hidden behind firewalls and is left vulnerable to those already inside the system. However, Sertainty has redefined how information is protected to ensure data privacy even where firewalls fail. Using cutting-edge protocols and embedding intelligence directly into datasets, Sertainty leverages proprietary processes that enable data to govern, track, and defend itself. These protocols mean that even if systems are compromised, data remains secure.

At Sertainty, we know that data is the most valuable asset to your organization’s continued success. Our industry-leading Data Privacy Platform has pioneered what it means for data to be intelligent and actionable, helping companies move forward with a proven and sustainable approach to their cybersecurity needs.

Instead of focusing on your network’s inherent shortcomings, we enable our partners to safely and confidently embrace the potential of a new online-oriented world. Data breaches may be inevitable, but with Sertainty, privacy loss doesn’t have to be.

How Sertainty Serves and Preserves the Data Chain of Custody

Posted on by Nicole Tidwell

Sertainty and the Convergence of an OT and IIoT Environment

Posted on by Nicole Tidwell