Phishing attacks may be a fact of life... Data loss doesn't have to be
In the October 23, 2016, WIRED.COM article “Inside the Cyberattack That Shocked the US Government”, author Brendan I. Koerner presents an excellent chronology of the cyber attack at the U.S. Office of Personnel Management (OPM). This overview, however, includes a reference to a fundamentally flawed but universally understood cyber security tenet, one that is THE reason we have been (and will continue to be) afflicted by massive data breaches:
“THERE IS A COMMON misperception that the surest way to frustrate hackers is to encrypt data… The first item groups like these usually swipe is the master list of credentials… the ideal is one that belongs to a domain administrator who can decrypt data at will.”
By combining already proven cryptographic approaches with a unique system of hardware, key and privilege management, the TSM Lockbox removes the ability for the domain admin account (along with all other accounts) to view protected assets, all while continuing to allow people and systems to perform their necessary work functions.
We’re debunking several widely held misconceptions with our new model:
The vast majority of the successful cyber miscreants of the world (see Equifax, OPM, Anthem, etc…) have very little interest or motive to tackle the plethora of formidable cyber fortresses wrought by the billions of dollars spent annually to keep them out; they don’t need to.
Albert Einstein once wrote, “The world as we have created it is a process of our thinking. It cannot be changed without changing our thinking.” Big Al nailed it.
So long as the process of our current thinking is predicated on the universally accepted doctrine that the domain administrators must and will have access to the keys to the kingdom, hackers need only focus on getting these credentials--and they can--and they will.
The real question is: What do you want them to be able to see when they get there?
Think you can't prevent data breaches? Think again...
The TSM Lockbox keeps the System/Domain Administrator account out of the protected data - while at rest, in transit, and in use
Staff can work effectively, even while the data is locked
Since the Admin accounts are locked out, all accounts are blocked