In light of charges filed last week in a US court against five cybercriminals, in what’s being considered the largest ever US data breach, Voltage Security cautions that the risk is still high but can be avoided with a data-centric security strategy. Voltage customer Heartland Payment Systems was one of the companies involved in the attacks.
"It's good to see attackers prosecuted, but the fact is the damage is done - millions of dollars’ worth. More alarming is that these failures to protect data assets in the fact of sophisticated adversaries are all avoidable at a cost that is pennies on the dollar compared to the cost of repair," said Mark Bower, VP, Voltage Security.
"What's more, the US Government is already far down the path of new technology standards to define the next generation of data protection technologies, so industry can once and for all get ahead of the rising breach risk problem using proven, standard and recognised approaches - a gap which has seen all manner of potentially risky solutions emerge as the market looks for silver bullets.
“The fact is, leaders in the banking, healthcare and defense sectors are already embracing the newer breed of data protection technologies and taking the attackers head on. With the new ‘data-centric’ security approach to data protection, the table is turned,” he said.
“Attackers who get their hands on the data get nothing, yet the data owners continue to get value from their data assets without even flinching. Data-centric security has emerged as the leading approach to stop CISO's from losing sleep at night over fears of breach risks,” Bower added.
"More recently, with Big Data in the spotlight with all its power of insight and business value, so is the risk it brings to the table. Sensitive data at scale means big risk. Fundamentally, the concentration of sensitive data inside a Big Data tool like Hadoop that's optimized to analyse, search, and digest data at massive scale and velocity plays into the attackers hands if the data itself is not secure. Standards-based data-centric security solves that difficult problem - protecting data while simultaneously liberating it for analysis in low trust environments. Data security has to be hand in hand with data use, storage and movement - what used to be separate matters of storage protection and transport protection with all sorts of exploitable security gaps especially during live data handling, can now be unified at the data level, putting the control back to the business and removing compliance barriers and attack vectors efficiently and quickly,” he explained.
Voltage Security delivered the primary technology that enabled Heartland to recover from this breach in less than 60 days. Heartland CEO Bob Carr acknowledged “Every single breach I know of wouldn't have happened if our end-to-end encryption solution had been there.”
“We provided the technology to remediate their breached systems, their merchant systems, and their merchants. We protect their data. We helped Heartland save their business,” said Bower.