Per the Ponemon Institute’s “2015 Cost of Data Breach Study: Global Analysis” report, the average total cost of a data breach for the 350 companies that participated in the study increased from $3.52 million to $3.79 million.
The increased costs are not due to the actual act of the cyber-attack; rather, it’s the ripple effect of the attack having taken place.
“In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber-attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.”
Terbium Labs has come up with a unique response to these attacks: they won’t promise their clients will never lose data, but they will change how these companies react when said theft takes place.
“We started Terbium with the thesis that defense, while still necessary, is no longer sufficient. In today's insecure digital world, your organization's critical data will always be at risk, whether from a sophisticated outside actor or inside threat. That's why modern organizations are shifting their information security focus from prevention to risk management,” said the team.
The company’s Matchlight system makes breach discovery immediate and automatic. The immediacy is the key selling point: the hacked company learns within seconds or minutes that data theft has taken place, rather than months later (the average data breach traditionally takes 200+ days to discover, and 85% are discovered by external third parties). Faster discovery lets a company start remediation before the truly costly damage occurs.
“Overall, the system allows companies, such as retailers and financial institutions, to detect whether a criminal has published some of their data on the Dark Web without revealing to anyone the exact nature of the sensitive data,” said MIT Technology Review.
More specifically, Terbium Labs’ patent-pending, one-way digital fingerprinting technique is what makes the difference. The system collects fingerprints from across the internet where stolen information is traded (including the Dark Web markets and forums). It then monitors for matches in a company’s system, and if a match is found, the IT director is notified immediately.
The underlying technique is called “cryptographic hashing,” and it is designed to ensure that no one (including Terbium Labs) can decipher the originating data. It achieves this via a hash function that takes an input or message and returns a fixed-size alphanumeric string. When elements of a company’s data (as short as fourteen bytes) begin to show up on the Internet, the Matchlight program notifies the company. At this point, the organization can begin its remediation plans before any further damage can occur.
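The matching idea described above can be sketched as follows. This is an added example, not Terbium Labs' code or algorithm: SHA-256, the sliding-window scheme, and the function names and sample strings are assumptions made here, with only the fourteen-byte length taken from the article.

```python
import hashlib

WINDOW = 14  # bytes; the minimum match length the article mentions


def fingerprints(data: bytes, window: int = WINDOW) -> set:
    """Client side: hash every `window`-byte slice of the sensitive data.

    Only these fixed-size hex digests are shared with the monitor;
    the raw bytes never leave the client.
    """
    if len(data) < window:
        return set()
    return {
        hashlib.sha256(data[i:i + window]).hexdigest()
        for i in range(len(data) - window + 1)
    }


def find_matches(client_prints: set, crawled: bytes, window: int = WINDOW) -> list:
    """Monitor side: hash each slice of crawled text the same way and
    return the byte offsets whose digest is among the client's fingerprints."""
    hits = []
    for i in range(len(crawled) - window + 1):
        digest = hashlib.sha256(crawled[i:i + window]).hexdigest()
        if digest in client_prints:
            hits.append(i)
    return hits


# Constructed sample data (a well-known test card number, not real records).
SENSITIVE = b"acct=4111111111111111;name=Jane Example"
CRAWLED_LEAK = b"fresh dump: 4111111111111111 exp 01/30"
CRAWLED_CLEAN = b"nothing to see here, just forum chatter"


def demo():
    prints = fingerprints(SENSITIVE)  # the monitor only ever sees this set
    return find_matches(prints, CRAWLED_LEAK), find_matches(prints, CRAWLED_CLEAN)


if __name__ == "__main__":
    leak_hits, clean_hits = demo()
    print("offsets matched in leaked post:", leak_hits)
    print("offsets matched in clean post:", clean_hits)
```

With an unkeyed hash like this one, the one-way property is only as strong as the input's unpredictability: low-entropy values such as card numbers can be recovered by enumerating candidates and comparing digests.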
Terbium Labs proposes that its Matchlight system can be used by health care providers, banks, payment card providers, payment processors, and other financial services companies; it could also be utilized within engineering and manufacturing organizations, among other sectors.
“Organized crime and foreign nation-states make up a majority of industrial-espionage attacks, and their frequency continues to rise,” said the company.
Terbium has already tested the Matchlight system out with a number of alpha and beta clients. “Already the system has helped companies testing the system find thousands of credit-card numbers that had been put up for sale on the Internet. While the Matchlight system catches attackers only after they post data following a breach and does not prevent the original compromise, it does reduce the time between compromise and discovery,” said MIT Technology Review.
Jeremy Kirk of IDG News Service, who met with Terbium’s CEO Danny Rogers to discuss the technology, wrote: “Rogers said the first day Terbium turned Matchlight on, it found in a single 24-hour period 20,000 to 30,000 credit card numbers and 600 leaked email addresses and passwords. Both sets of data were detected minutes after being posted, Rogers said.”
To learn more, or to see if your company qualifies to test Matchlight, visit terbiumlabs.com
Via TechXplore