Member-only story
You may have noticed that companies with encrypted data still get hit with embarrassing breaches. In this article, I’ll explain why encryption is the weak link in any security policy, and how to make your data harder to steal.
Encryption Is the Weak Link
I was teaching a security segment to the team at a public utility on the East Coast a few weeks ago. I asked one of the managers (I’ll call him Paul), “Do you take that laptop home at night?” When he said yes, I asked, “Can it be used to access any control systems?” Paul replied, “Yes, but we use a VPN, so it’s safe.” I smiled, because now the demonstration I was about to do would be a lot of fun.
My demo computer was already connected to the projector, and my screen was displayed for everyone to see. This computer has an unpatched vulnerability, and I taught the class how to exploit it. There were about a half dozen people connected to my machine at the same time, and there was no visible clue on the computer’s desktop.
I had the “attackers” go into a specific folder, and let them create, modify, copy, and delete files. Everyone was watching my computer on the big screen. I checked email. Then I opened a web browser. Still no sign of any monkey business.