For the average consumer, data theft equates to the threat of having personal information stolen, bank records and maybe credit card details.  This can allow hackers to perpetrate identity fraud and whilst it can cause significant harm against an individual there are now a great many countermeasures in place to try to protect against date theft in an individual perspective.

However, for corporations there exists a real and identifiable threat.  This threat exists not only from hackers, but also from former employees and that bears a grudge or grievance against the company.  With the advent of digital storage and the popularity of road warriors, highly sensitive data is travelling a lot more than it should and we are now being exposed to the risks of data loss as well.

For many corporations, the thought about data security does not go beyond a firewall and an IT support team that are supposed to know what they are doing.  The truth is many IT teams in today’s corporate world are complacent in their methodology often using redundant technologies, which ultimately means more expense for the corporation.

How do you eliminate the risks of data theft? It is quite simple – you eliminate the value of that data by using technologies to ensure that if third parties may have a chance to acquire it, then it will be worthless.

Gold Line Group Ltd. works with IT executives to develop secure policies that ensure cryptography is not merely a buzzword technology, but a vital and lifesaving way to ensure accountability and also mitigate any losses.

Reports are in that T-Mobile, the ever popular US communications firm has recently became victim to the theft of highly sensitive data on operations, customers and also financial records.  According to postings on the internet, this information has already made its way to the underground auctions where it awaits the highest bidder.

T-Mobile has recently confirmed that they were the subject of attack, but they have denied any sensitive information has been stolen.  Three days after the attacks, T-mobile released a statement to the press in response to a channel insider inquiry stating that “protection of our customers’ information and the security of our systems is paramount at T-Mobile.” T-Mobile went on to admit that ‘a document’ had been stolen and that an investigation is underway.

The hackers are yet to substantiate their claims with anything other than the list of ‘servers’ which T-Mobile has already admitted to losing.  Perhaps the attacks never took place, or perhaps T-Mobile is deliberately keeping quiet?

T-mobile does not have the best reputation when you look at their track record. In 2005, it emerged that they were the subject of another massive attack, in which a hacker managed to access the sensitive information of T-Mobile’s full subscriber base of over 16 million customers.

As security analysts and encryption experts, we have to ask the question about both attacks: – Why does T-Mobile not adopt more rigorous multi-layer security?  Is encryption not at the heart of their policies?  After all, if they followed an appropriately multi-layered security policy, they would be able to mitigate the risks of any data theft.

We live in an age where there is a constant battle of competition going on amongst hackers.  Corporations are the victims, and many are literally blind to the risks, until they find out someone has just stolen the information of 16 million customers.   That is a lot of credit cards…

Organizations are finally starting to become aware of the benefits of using appropriate encryption technology to ensure that information they hold is protected against the risks of data theft and or manipulation.

However, with the growth in adoption of using encryption to protect files and sensitive data, organizations are failing to ensure that other policies are up-to-speed with the advantages offered by encryption. One of the largest gaps is the spending on training to ensure that there is critical awareness about the risks involved in failing to follow security policies.

Social attacks have played a part in various forms of hacking since it began, and given the increased security offered by encryption social attacks are once again playing a large role when it comes to acquiring access to encryption keys in order to decrypt and steal sensitive information.

In the corporate environment, data theft can cost billions of dollars. It seems stupid to try to cut corners by not offering appropriate security guidelines for staff that have physical or virtual access to any location where sensitive information is kept. This means ensuring that there are clear processes and guidelines in place when it comes to divulging key information.

However, hackers that try to launch social attacks are undoubtedly going to be able to find a weak link somewhere within the organization. The only way to limit the effects of social vulnerabilities within the organization is to ensure that key access is restricted to a few individuals company wide.

No matter what, social attacks will continue to be a risk that no software can guard against, as we are all vulnerable to the effects of coercion.
The only thing we can do is to ensure that employees are aware of the risks and access is restricted to all but the most trusted individuals.