The Rise in Cyber-Attacks from Bad International Actors

There has been a rise in cyber-attacks on banks and financial institutions from bad international actors, and it stems from organizations approaching encryption wrong.

By Scott Bledsoe, CEO, Theon Technology

The rise in threats from criminal international actors has been an ongoing problem for the security industry and only continues to grow. At this rate, breaches have become so common that companies almost expect them. Cybercriminals are always looking for ways to access and take precious data from organizations in the U.S., no industry is an exception and what’s incredibly worrisome, is that it’s disturbingly easy to do. Additionally, with the rapid advances in quantum computing, bad actors have the potential to access weapon designs, undercover programs, pharmaceutical and chemical intellectual property, financial data and material science research. Cyber criminals are staying on the pulse of updates in technologies as well as security gaps to find ways to access data and use it for malicious purposes. The time is now to act and adopt new ways to protect their data.

Why is it So Easy for Cybercriminals to Decrypt Data?

Cybercriminals globally, are targeting heavily sensitive data and stockpiling network traffic to decrypt later on and sell to the highest bidder, when the speed and efficiency in quantum computing development makes it possible. In turn, quantum-assisted decryption will be available sooner than quantum-assisted encryption, giving cybercriminals an even bigger advantage. Every industry is faced with the dangerous threat this insight poses, resulting in the need to incorporate extra precautions and safety measures into their current security programs. Even with sufficient security measures in place, companies are still not as secure as they think. The reason cybercriminals can access data so easily, leaving companies frighteningly vulnerable, is due to the aging technologies that have been historically used as engines for encrypting and decrypting information. The use of a single key to encrypt all records and store them in an unprotected environment, plus the use of older technologies, creates the ideal situation for cybercriminals at home and abroad to crack the code.

Old Ways Won’t Open New Doors 

The use of older encryption methodology has reached its limit. Old-school encryption implementations are vulnerable with the impending availability of quantum computing, and won’t provide strong enough protection and security, resulting in weak links that are easily broken using general hardware accessible to anyone. By not adapting and implementing change, organizations nationwide are leaving themselves vulnerable to being targeted by bad actors and exposing their data and that of their important stakeholders or customers. As the amount of data that companies use increases exponentially, outdated software does not have the ability to keep up with the data explosion. The consequence of managing large data volumes with limited resources creates an open window for cybercriminals. The old cryptographic order that was used at the beginning has provided us a starting point to evolve and develop a deeper understanding of the risks at hand. It is time to embrace new encryption solutions in the era of quantum computing.

Out With the Old, and In with the New

Advances in mathematics, artificial intelligence, deep learning, and deep neural networks, plus emergent quantum computing, threaten the aging foundations of status quo cryptography, making now the time to act and assess security measures currently in place and update them to better protect vulnerable assets. In addition to the choices made by business leaders when it comes to security priorities, they must pivot and focus less on convenience, and expediency. It’s vital for all organizations, especially banks and financial institutions, to ensure their most private data is protected as strongly as it can be as cybercriminals are becoming more sophisticated by the minute. International cybercriminals are benefiting from the application of poor encryption, which includes the use of a single key to encrypt all records along with storing the key on the same system as the data. By using a single key, you are practically handing over the key to all your data to the attacker. All it takes is for an intruder to gain access to the key and they will have access to all of an organization’s data.

Getting Ahead of the Curve

It’s crucial for organizations to be aware and review current encryption policies deployed, and to secure any open vulnerabilities that can be exploited. Even though the advantages new quantum computing approaches provide are still a decade away from completely overturning current traditional methods, we are seeing an increase of data being harvested so that it can be decrypted once quantum computers of sufficient power are available. Organizations need to get ahead of cybercriminals by integrating an extra layer of protection by applying quantum-resistant approaches to their security environments, to avoid a potential breach today or in the future. Quantum computers can decipher cryptographic keys at impressive speeds and create threats that organizations were not prepared for.

New approaches are necessary to securely generate keys that withstand the threats quantum computing presents, and to keep sensitive data out of the hands of cybercriminals; Ultimately mitigating potential short and long-term harm. All critical infrastructure, transactions, and processes relying on cryptography that are not quantum-safe are at risk of being compromised, causing widespread disruption.

About the Author

Scott Blesdoe, is the CEO of Theon Technology. He has successfully led organizations and teams in IT and IT services across business-to-business and business-to-consumer brands from startups to Fortune 500 organizations. Scott has deep experience in fund raising, strategy development and execution, team building, revenue and expense expectation management, business development, investor and board relations along with public offerings and acquisitions. Scott, most recently was at Dell/EMC after selling Avamar to EMC. https://theontechnology.com/