A: They both suffered an integrity attack and no, more encryption would not have helped.
In HSBC’s case they have an operational integrity problem. Like Snowden, Ole Herve walked away with a massive amount of confidential information. He had legitimate access to the underlying data and encryption would have been useless to prevent it.
In Anthem’s case they suffered a system integrity attack. Malware compromised the system, which led to a loss of customer data. As Ars Technica points out, you can’t encrypt data in use.
Security is broken because we are using the wrong assumptions. The only answer is to assume compromise and focus on detection at the data level rather than adding layers of perimeter detection that do not satisfy Geer’s law, i.e. there is no empirical mechanism to verify the measures are working. Ole Herve broke the rules (integrity) of the system. The security administrators at Anthem were not able to say with certainty that their system was free of compromise (integrity).
A Few of the Reasons why Encryption is not Enough
- You can't encrypt systems (binaries, configuration files, routing tables, etc.)
- You can't audit encryption
- Encryption gives you a false sense of security
- To break encryption you simply need to compromise credentials
- You can't encrypt data in use
- You can't prove encryption is working
So if encryption isn't enough, what else is there?
There has never before been a native forensic capability that is based on the provability of systems and data integrity. This capability exists today. The move to data-centric security is a paradigm shift in thinking.
- From 100% Protection is Impossible to 100% Detection is Possible
- From Encryption to Systems & Data Integrity
- From Perimeter-Centric to Data-Centric
- From Confidentiality to Integrity
- From Trust-based, Human-based security to Math-based, Machine-based security
- From Hope to Proof
Security Operations Centers (SOCs) are not a new concept. What is new is Guardtime's approach of instrumenting the integrity of systems and of the operational rules that define their use, then detecting a breach in real time and being able to act upon it. At the heart of our SOC offering is Black Lantern, designed to monitor and enforce integrity across an enterprise.