Data Security in Flux

Bad actors looking to exploit technical vulnerabilities are everywhere: just see how the US Secret Service had to dismantle a network of over 100,000 SIM cards in New York City that would’ve been capable of all kinds of communications disruption.  Meanwhile, the expiration date of 2015’s Cybersecurity Information Sharing Act (CISA) is fast approaching, lapsing short of renewal (and hopefully improvement) by the US Congress.  Though not viewed as a resounding success, CISA has facilitated the sharing of security vulnerabilities, which is more necessary now than ever with AI and a constantly expanding attack surface for all industries.

In regular breach news, Stellantis, the parent company of automotive brands Citroën, FIAT, Jeep, Chrysler, and Peugeot, recently spoke about a data breach that has affected North American consumers.  A third-party vulnerability led to compromise of Stellantis data of customer names, addresses and other contact info.  The company notified affected customers and advised them against falling for fake emails and phishing links.  

The pattern of cyber attacks in this industry is by now well established, following breaches at Jaguar Land Rover that disrupted factory operations, as well as a Volkswagen Group breach that impacted 800,000 customers across the Volkswagen, Audi, Seat and Skoda brands.  Unfortunately, the auto industry in particular is prone to “a sprawling ecosystem of suppliers and contractors,” says Anders Askasen, Director of Product at Radiant Logic, “and not having the unified visibility and control creates systemic exposure.”  

This makes social engineering schemes like phishing attacks easy to pull off, especially these days where AI and deepfakes can be used to send even more convincing emails or phone calls.  If you’re sure that it’s a real, legitimate person contacting you from a legitimate organization…well, history shows recipients are more likely to click on it.

This is why regular employee training and multi-factor authentication are crucial steps to protect sensitive data against phishing schemes.  Strong data encryption is an indispensable backup layer for when these perimeter methods fail.  Against this background of growing attack surfaces and legislative uncertainty, NetLib Security’s Encryptionizer offers transparent encryption of stored data, protecting data right out of the box with no additional programming necessary.  Encrypted data is rendered virtually useless to cyber criminals; while it won’t take down a sprawling SIM network of organized crime or nation-states, it will keep organizations in step with compliance standards and protect against the punitive consequences that follow a data breach.