Lessons Learned from CIA WikiLeaks Fiasco: Breach Prevention Starts with Content Protection
Oh, No—Not again!
No one should be surprised. And yet, we are. We know that hackers have the tools to breach. The real surprise is that organizations are being lax and not moving fast enough to take the right preventative steps by implementing in-use content protection. We can’t stop the bad guys from trying—but we can stop them from getting their hands on our stuff, and sharing it without permission. Government organization or company—this must stop. We need content protection.
NPR reported on March 8, 2017 that WikiLeaks released thousands of files identified as CIA documents related to the agency’s digital espionage tools and programs. The files included instruction manuals, support documents, notes and conversations about—among other things—efforts to exploit vulnerabilities in smartphones and turn smart TVs into listening devices.
The hack occurred. That was the first failure. Then the challenge became how to stop the breach of the (unstructured) data, or the nefarious procurement of the content, and how to monitor and track attempts at unauthorized use for accountability and adaptation.
Could This Have Been Averted?
The short answer: You bet. If the data had encrypted in-use protection, it would be accessible to only the device(s) and user(s) with specified usage rights—manually or automatically applied based on policy. This provides protection beyond just access control, which allows the authorized recipient to decrypt encrypted content without further protection. With access control alone, if hacked and breached, the horse is out of the barn—the content is free to roam.
With in-use protection, since the content is tethered to the specific device and user, an authorized recipient could get hacked—but the hack would be mitigated. The attempted breach of the stolen content would be useless and WikiLeaks would have nada to report. And if a structure were put into place that supports tracking, monitoring and compliance reporting for authorization, and for attempts at unauthorized use of content—who, what, where and when—it would provide an assessment and rectification capability. Breaches are an invasion, if not subject to the Whistleblower Protection Act of 1989.
What’s the Best Way to Prevent a Hack or Breach?
The short answer: GigaCloud™ from GigaTrust™, delivering full control over who can view, print, forward or edit files and documents with a secure private key. If the CIA had GigaCloud, the emails and documents would still be confidential property of the CIA with their rights persistently assigned.
GigaCloud Solution for the CIA
Organizations that apply rights management and enforce security permissions (or rights) down to the level of the digital content (emails, documents, pictures) protect that content from misuse while at rest, in transit and, most important, in use, even when it is opened by any permitted recipient. Such organizations will have a moat against a breach. The Department of Veterans Affairs has been using GigaTrust content protection, which has evolved, for 10 years. The ability to track and monitor authorized use, and attempts at unauthorized use, of content is like posting a sentry standing guard. GigaCloud is the sentry of choice.