Pervasive Encryption In The Cyber Crime Age
Staff Writer on 31 July, 2017 at 04:07
“The chance of a data breach in any given organisation over the next two years is 26%,” says Mark Moore, IBM Z Software Engineer, speaking at the launch of the IBM Z in Singapore. The average cost of a breach is $4 million, raising the stakes for compliance with security and data protection regulation.
IBM Z brings together machine learning and pervasive encryption, which simplifies the entire digital environment, especially with regard to compliance. But compliance is no longer enough. After all, Target was compliant with all contemporary standards at the time of its breach, explains Moore. It was still hit.
“Governments are getting tired of this,” he says. “Instead of regulating one industry, niche or principality at a time, the European standard is coming into effect… The EU wants you to feel a sense of urgency.”
Urgency might be an understatement. As of May 2018, the EU will be able to fine up to €20 million or 4% of your global income (whichever is greater) for failure to comply with the General Data Protection Regulation (GDPR). If you have data on an EU citizen, then you have to be compliant and are subject to fines — even if you are not based in the EU.
There are two key kinds of threat, Moore explains: external and internal. Companies are already in the process of preparing for external threats, motivated by the rising probability that they will be hit by a cyber attack. But what about internal threats? Every company should be proactive in how it manages functional and non-functional access to data. Functional access is when a worker requires access to that data in order to complete a task. Non-functional access is when a worker can access that data but has no need to (as was the case with the information leaked by Edward Snowden).
Moore cites a particularly egregious example of the vulnerability that non-functional access can create: a temporary employee walked into a Korean bank with a thumb drive and walked out with the payment records of 40% of the Korean population. The cost to the credit card companies was $97 million.
Gone are the days when hardware encryption was seen as enough. Dataset and network encryption are an important part of the pervasive encryption at the heart of IBM Z. Solutions have to apply to data when it is in flight, as well as at rest.
“There are regulatory threats that can fine you and shut you down for a while, but there are also existential threats,” says Moore. “You can lose your reputation, which is everything.”