
Detection is Not Enough Protection



  • Posted on July 31, 2018

Another day, another breach. For today’s purposes, let’s look at the recent data breach at Dixons Carphone, where the names, addresses, and email addresses of anywhere from 1.2 million users to 10 million users were exposed. While the breach only came to light recently, after GDPR came into effect, it actually occurred back in July 2017. That’s right – for just short of a year, the company had NO idea it was subject to a data breach.

While details on the how, who, and why of this particular attack are still coming to light, it does bring up the fact that breach detection is not protection. In fact, the 2018 Cost of a Data Breach Study, sponsored by IBM Security with research independently conducted by Ponemon Institute, finds that the mean time to identify (MTTI) a breach is 197 days, and the mean time to contain (MTTC) is 69 days. This means that on average, it takes half a year to identify a breach! Just imagine how much data an attacker could get in that amount of time while going unnoticed.

This figure is unacceptable, especially since the security industry has seen an influx in support for threat detection tools over the last several years. These range from network threat detection, which is used to understand and monitor traffic patterns, and endpoint threat detection, which tracks information and behaviors on user machines, to popular threat intelligence tools like AI and ML, valued for their self-learning capabilities and ability to recognize patterns and anomalies.

Unfortunately, the industry has made people believe that detection can work. We are not saying that no detection solutions work or that they should be removed from your security strategy altogether, but it’s clear detection alone is not enough. What we need is a new way to protect our data.

At ShieldIO, we believe the core focus must be on protecting the data at the foundation level. Given that a business will easily spend millions on its data protection solutions, it only makes sense to secure the data itself as it comes through and sits in your database. ShieldIO has developed a Secure Data Platform that acts as a layer between the user/application and the back-end data store and enables protection of all stored data, no matter where it is located. It does this by uniquely providing field-level security: removing these fields from the source and storing the encrypted data separately, without changing the underlying database structure or using a keystore to manage the encryption keys. By doing this we are removing not only the hacker threat to the data, but also the more prominent insider threat, which is often very difficult to detect. Putting the security focus on the data itself, not just on where it is coming from, where it is stored, or where it is being transacted to, enables the better protection against both external and internal threats that organizations desperately need to keep sensitive information protected, rather than relying only on monitoring and detecting anomalies within the system.