Data Theft is a Cyber-Epidemic
By: Kevan Gibbs
The vulnerabilities related to critical data residing as plaintext (unencrypted in RAM, cache, CPU, storage, processing server, etc…) to be searchable is the truest definition of a cybersecurity epidemic. The news headlines have been filled with a never-ending stream of data-theft breaches and ransomware data abductions. These attacks are spreading at a rate similar to any flu virus.
CRN – The 10 Biggest Data Breaches of 2022
To date, businesses of all sizes, from healthcare to insurance to banking, and even critical infrastructure utilities have relied on industry best practices related to encryption. When it comes to critical data at the core, transactional database layer, the go-to solutions have been encryption at rest and encryption in transit. Today, there are many excellent encryption at rest and encryption in transit solutions available, and they do a great job securing critical data while in those proper states. When the data is static (at rest) it’s protected by encryption at rest. When the data needs to be sent from one database to another (in transit), it’s encrypted in transit. Most companies already have data at rest and in transit covered. Yet, many companies, even with these solutions, still suffered from data breach or ransom attack. In essence, they still got sick because we’ve mostly contained just two strains of our cybersecurity flu.
Necessity + Lack of Solution = Acceptable Risk
This brings us to the most concerning cybersecurity flu strain plaguing every business today. The data that is moved from encryption at rest (not searchable state) to memory or storage for active use (searchable data in use state). This vulnerability has largely been deemed an acceptable risk (unavoidable risk). After all, we require most of the data we collect to run our business. It’s fair to conclude that this critical data IS our business. Without a viable solution to protect critical data while in a use state, the data theft and ransomware epidemic will continue on its current growth pattern.
Paperclip Blog: Encryption-In-Use: The New Privacy Frontier
Should the cost of data theft and ransomware attack just be a cost of doing business?
If you’ve read the SecurityIntelligence – Data Breach Report article, or any cost of data theft study, I’m sure your answer is “NO”. The challenge described, and the question asked is literally the Paperclip story. The team at Paperclip refused the notion that critical data residing in a state of plaintext for the purpose of active use was an acceptable risk. Paperclip’s core operation, as a content management company trusted by the insurance, banking, and securities space, requires them to be custodians of vast amounts of critical data. After looking at the catastrophic impact data theft and ransomware breaches had on business operations, finances, and reputation, Paperclip leadership knew they couldn’t justify the risk. For Paperclip, data theft would not be a “cost of doing business”, it would have been a cost of going out of business. Something had to be done.
At a minimum, we all require encryption at rest, in transit, AND IN USE/IN PROCESS.
Four years of development resulted in the tool Paperclip now utilizes within their own environment to protect the critical and sensitive data they maintain. After Paperclip’s initial deployment internally, it was realized that others could benefit from this new encryption in use tool. That was a little over two years ago. Paperclip spent a little over two years in stealth mode solidifying multiple international and U.S. patents, testing the solution’s security controls, building simple implementation protocols, and getting ready for commercial adoption. In September of 2022, Paperclip introduced Paperclip SAFE® to the market.
Yes, encryption in use isn’t yet required for compliance or even any type of cybersecurity certification. That’s the difference between being compliant and being secure. It comes as no surprise; threat actors take advantage of that gap between compliance and security because they know where most business’ energy is focused. We all must do better.
Contact the Paperclip team today to learn more about how Paperclip took SAFE beyond encryption. Paperclip is currently seeking companies who want to better secure their critical data as well as vendors and software developers looking to integrate Paperclip SAFE® into their data security strategy. Paperclip is a SaaS solution hosted either in our Azure cloud environment or within a client’s environment. The engagement process is easy, as Paperclip offers a trial.
Take the first step in stopping the epidemic by protecting your clients, your employees, and your business. Click the button below to schedule an introductory call with Paperclip today.