Data encryption is threatened by government forces who haven’t yet recognized that without personal security, you cannot have enterprise security. Because attackers will exploit any available weakness to undermine protection — and if your people or your customers aren’t secure, neither is your business.
Get with the data
Attackers will always go where the money is. They will spend lots of it to mount attacks. They will delve deeper, and if they’re spending money, they also have the necessary resources to investigate absolutely anyone they can identify as a potential target.
Such a target could be someone who works in a company, government, or enterprise, but the attack surface could be something as simple as a link they're tricked into clicking based on insight into their personal information (insight that would not exist if that data were protected and secured).
It could also be a link a person connected to them, including less tech-savvy relatives, is tricked into clicking. Attackers are smart enough and have the resources to develop multi-stage attack patterns to get what they want; they just need access to personal information to guide their hand.
That’s why it is vital to ensure personal data is properly protected.
But the security of personal data is precisely what shoddy laws such as the UK Online Safety Bill threaten, because when the bill demands a weakening of messaging encryption it also means that any government anywhere — including those we do not trust — can demand the same. It also means that the keys to these personal data kingdoms will eventually slip into the hacker mainstream — even those high-value NSO Group exploits were sold on the dark web for a while.
Weakening systems by design makes zero sense
The weaker a system becomes, the more attacks emerge to exploit those weaknesses; this is the fundamental problem of enforcing data security weakness by design.
What that abuse of the human right to privacy means is that it becomes that much easier to exfiltrate personal information concerning a target of interest (even if you need to bribe a couple of corrupt government officials to do so).
We already recognize that humans are the weakest link in any security infrastructure. But what isn’t sufficiently recognized is that any action that puts those humans more at risk makes anyone they work for more vulnerable.
A well-resourced attacker will simply identify who works at the company they’re aiming for and then find ways to compromise some of those individuals using seemingly unrelated tricks. That compromised data will then feed into more sophisticated attacks against the actual target.
So, what makes it easy to create those customized attacks in the first place? Information about those people, what they enjoy, who they know, where they go, and how they flow. That’s precisely the kind of data any weakening in end-to-end encryption for individuals makes easier to get.
Because if you weaken…
2023-07-19 02:24:02
Article from www.computerworld.com