Thursday, February 13, 2014

Fighting fire with fire using Honey Encryption

A newly-developed encryption system by independent researcher Ari Juels and Thomas Ristenpart of the University of Wisconsin, has shown that trickery is an underexploited, but very effective tool in data protection.

Dubbed ‘Honey Encryption’, this security method adds an extra layer of protection to encrypted data by returning fake data every time an incorrect password or encryption key is made. If the attacker does at some stage guess the correct combination, the sensitive data will be lost among spools of false data.

Later this year, Juels and Ristenpart will present their Honey Encryption method and findings at the Eurocrypt cryptography conference.

Since cybercriminals have been using decoys since the very beginning, it makes sense for use the same techniques to our advantage. Using deception as a defense mechanism against cyber attacks is not only delightfully ironic, but very effective.

SA needs to shape up

Despite ground-breaking security developments taking place internationally, SA is said to still lack the security awareness and understanding to ensure adequate data protection.

A recent statement by Beza Belayneh, CEO of the SA Centre for Information Security (SACIS), suggests local organisations (outside the financial sector) often view cyber security awareness as sensationalism, resulting in what Belayneh terms "cyber security fatigue".

"Organisations will process and store large amounts of personally identified information and most of their business processes such as HR, finance and legal, are fully computerised and digital. Institutions don't realise that cyber attacks constitute data theft and can interrupt business functions."

According to the SACIS, local organisations are spending resources on cyber attack prevention, but throwing money at the problems will not help people understand the nature of threats and how to counter them effectively – a task which Belayneh says is never-ending. Instead,Belayneh believes the focus should shift to building resilient security frameworks.

"Institutions must develop a holistic approach that responds effectively to attack since they are impossible to avoid," he says.

Telspace is hiring!

And on that note, Telspace Systems is looking to hire a security analyst in South Africa, preferably Gauteng. The ideal candidate should be should be competent in a combination of Web application security, attack and penetration testing, network security,source code reviews, and mobile security.

For a more detailed description, please visit our job listing on LinkedIn or e-mail your CV to admin[at] 

No comments: