It’s been another bad week in security.
Not only do we learn that so-called “friendly” governments are quietly requesting surveillance data concerning push notifications, but Apple tells us more than 2.6 billion personal records have already been compromised by data breaches in the past two years.
It’s almost as though the best way to ensure your online data is safe is to make sure no one stores any of it. It feels likely that the Apple-commissioned study (“The Continued Threat to Personal Data”) is designed to reinforce the company’s arguments around the need for strong end-to-end data encryption and security.
To me it’s tragic it was even necessary to commission the report, given how obvious it is to anyone outside of some governments that the best way to secure data is to keep data secured, rather than introducing designer vulnerability. But this appears to be where we are.
What Apple said
In a statement, Craig Federighi, Apple’s senior vice president of software engineering, warned:
“Bad actors continue to pour enormous amounts of time and resources into finding more creative and effective ways to steal consumer data, and we won’t rest in our efforts to stop them. As threats to consumer data grow, we’ll keep finding ways to fight back on behalf of our users by adding even more powerful protections.”
Attack velocity is increasing incredibly fast
The study, conducted by Massachusetts Institute of Technology professor Stuart Madnick, found clear proof that data breaches have become a global epidemic. The number of data breaches more than tripled between 2013 and 2022 and has continued to worsen in 2023.
The big message is that robust protection against breaches needs to be mandatory. End-to-end encryption, for example, is all the more important when criminals and dodgy government-backed spies are attempting to break into the servers your data sits on.
That’s less of a problem when even the server doesn’t understand and can’t read that information. If the server can’t read it, chances are neither can the perpetrators.
We should use Advanced Data Protection
The report also makes a pretty powerful case for enabling Apple’s recently introduced Advanced Data Protection for iCloud.
Apple’s data protection already extends to encryption of critical information such as passwords and other sensitive information. Advanced Data Protection adds protection for Notes, iCloud Backup, and Photos to the list, though there are some limitations.
It really should concern anyone online that the momentum of these attacks is increasing so dramatically. In the US alone, there were nearly 20% more breaches in just the first nine months of 2023 than in any prior year, Apple said.
The report also warns that more than 80% of breaches involved data stored in the cloud, even as attacks against cloud infrastructure nearly doubled between 2021 and 2022.
Attackers are sophisticated and…
2023-12-10 13:41:03
Source: www.computerworld.com