In our last post, we talked about the state of security for the Internet of Things (IoT) and how BOHH Labs’ approach brings more confidence to keeping these devices secure. This week, we will take a look at some of the most famous corporate data breaches to occur, and how BOHH could have prevented them.
Breach: Equifax (2017)
One of the biggest data breaches to dominate headlines recently is the Equifax breach. While it may not go down in history as one of the biggest breaches, it certainly made a big splash due to the sensitive nature of the data that was leaked. Over 143 million consumer records were exposed, and the information exposed included names, Social Security numbers, birth dates, addresses and in some cases, driver's license numbers. Due to poor network security and failure to update its software, hackers gained access to Equifax’s database through a web application vulnerability. While it was thought it was a US attack, its impact was global and affected Equifax customers and non-customers.
Type of Breach: Web Application Attack, leaving gaping holes to its network for hackers to exploit.
How BOHH Would Have Prevented It: Because BOHH’s service intersects all data requests, it is able to stop malicious attacks on the back-end database. Each data request has to go through a validation process before it gains authorized access to the backend database. BOHH also uses a patented system so a user’s data request never has direct access to the network server It can also check the return from the database, making sure only authorized information is returned.
Breach: Target (2013)
Though this breach took place several years ago, this is still one of the most famous breaches that has occurred due to the volume of people affected that compromised millions of its customers’ credit card and debit card accounts. All it took for 70 million people to have their credentials stolen was changing one line to the source code in the payment processing system and voilĂ . Target was unaware of the redirection of credit card details for a significant period of time which impacted their ability to resolve the issue and reduce the customer and finance impact.
Type of Breach: Phishing Attack, threat from unwanted access to a website, where changes are made to the website code enabling data to be re-routed/pushed to thief.
How BOHH Would Have Prevented It: BOHH prevents data from being re-routed through its patented block file system enabling full encryption of a website inside the firewall. When a user requests the website, BOHH goes to the server, and the AI engine pulls up the right blocks and decrypts them. It then puts the page together and passes it in memory to the web browser. This is without any direct access to the server from the requester, preventing phishing attacks and website changes to confidential data.
Breach: NSA Contractor Edward Snowden (2013)
One of the biggest intelligence leak in US history took place thanks to a NSA contractor abusing his system administrator insider access to the database and confidential information.
Type of Breach: Insider Threat/System Administrator abusing internal control and weakness in security procedures to leak confidential information.
How BOHH Would Have Prevented It: With BOHH, each dataset is encrypted with dynamically allocated keys and no encryption keystore, making it impossible for any user (including database admin) to steal useable data. This means that even if an insider gets access to confidential information, it is unreadable because there is no way to hack the encryption key.
These are just a few of the many attacks that could have been prevented by BOHH’s innovative approach to security.
Now that we’ve highlighted how BOHH could have helped prevented some of the most famous breaches around, come back next Tuesday when we take a look at some of the best security techniques being used to keep our data protected and give thanks in honor of Thanksgiving.
No comments:
Post a Comment