Communications Security is still broken and we need to fix it.
Since April 3rd we have been inundated with countless news articles and blog posts regarding the massive leak of 2.6TB of data consisting of 11.5 million confidential documents and detailed information regarding roughly 214,000 offshore corporations listed by Panamanian law firm Mossack Fonseca. For more details on what exactly the Panama Papers are and the ethics of the situation there are plenty of other resources. The intent of this post is to focus on a different aspect of the leak — the security implications for businesses.
It was recently revealed that the Panama Papers leak was the result of an email server hack. While the details of this hack are not yet publicly available, it is yet another example of how enterprise security is still broken. In the last year alone, we have seen some of the largest and most significant data breaches as a result of poor enterprise security, in particular surrounding communications security.
Want some other examples? How about the massive Sony breach, the Pentagon email hack, the CIA Director email hack, the Schwab email incident, or the North Carolina Department of Health and Human Services (DHHS) email incident? All of this was just in 2015 (okay Sony was November/December 2014), and it is just the tip of the iceberg.
Whether it was in the public or private sector, in almost every one of these incidents the root cause was the human element in the mix. With the Pentagon email hack it was a successful spear-phishing campaign. In the case of the CIA Director, some simple social engineering did the trick. The employee at North Carolina DHHS simply forgot to encrypt the message before sending it out. Most experts will tell you that all of these issues could have been prevented with a better security training regimen — and to an extent they are right. What if we took a look at the contrarian view point for just a moment… That the answer lies in providing better and more secure communications software for the enterprise?
We need to protect users and companies from themselves. Build software that does not allow them to endanger themselves or the enterprise. The current security model when it comes to enterprise communications is severely broken and it is far past time we fixed that. An employee should not have to “remember” to encrypt a message before sending it — this should just happen for them. A user of any enterprise product should never have to thinkabout security to do their job.
At Bogart Associates, we’re helping enterprises build intelligent data solutions to help guard, collect, discover, and analyze data. Protecting users from themselves by building intuitive software that is secure by default is in our nature. If you’re interested in learning more about how we can help your business guard your communications and protect your enterprise, click here and request a free initial consultation.
Originally posted on Medium.
Written by Tim Tutt
Chief Technology Officer, Data Ninja, Technology Enthusiast