A newly-developed encryption system by independent
researcher Ari Juels and Thomas Ristenpart of the University of Wisconsin, has shown that
trickery is an underexploited, but very effective tool in data protection.
Dubbed ‘Honey Encryption’, this security method adds an
extra layer of protection to encrypted data by returning fake data every time
an incorrect password or encryption key is made. If the attacker does at some
stage guess the correct combination, the sensitive data will be lost among
spools of false data.
Later this year, Juels and Ristenpart will present their
Honey Encryption method and findings at the Eurocrypt cryptography conference.
Since cybercriminals have been using decoys since the very
beginning, it makes sense for use the same techniques to our advantage.
Using deception as a defense mechanism against cyber attacks is not only
delightfully ironic, but very effective.
SA needs to shape up
Despite ground-breaking security developments taking place
internationally, SA is said to still lack the security awareness and understanding
to ensure adequate data protection.
A recent statement by Beza Belayneh, CEO of the SA Centre for Information Security (SACIS), suggests local
organisations (outside the financial sector) often view cyber security
awareness as sensationalism, resulting in what Belayneh terms "cyber
security fatigue".
"Organisations will process
and store large amounts of personally identified information and most of their
business processes such as HR, finance and legal, are fully computerised and
digital. Institutions don't realise that cyber attacks constitute data theft
and can interrupt business functions."
According to the SACIS, local
organisations are spending resources on cyber attack prevention, but throwing
money at the problems will not help people understand the nature of threats and
how to counter them effectively – a task which Belayneh says is never-ending.
Instead,Belayneh believes the focus should shift to building resilient security
frameworks.
"Institutions must develop a
holistic approach that responds effectively to attack since they are impossible
to avoid," he says.
Telspace is hiring!
And on that note, Telspace Systems
is looking to hire a security analyst in South Africa, preferably Gauteng. The
ideal candidate should be should be competent in a combination of Web
application security, attack and penetration testing, network security,source
code reviews, and mobile security.
For a more detailed description,
please visit our job listing on LinkedIn or e-mail your CV to
admin[at]telspace.co.za
No comments:
Post a Comment