23 Oct Intel: Protecting Corporate Networks and Content from Cyber-Attacks
Major security breaches have become an almost daily occurrence and pretty much all industries are at risk. But Hollywood content producers in particular have been recently targeted. Getting content before its official release can be a big payoff for hackers as it can be used to extort the content owners. Hundreds of millions are at stake due to impact on operations as well as lost revenue from leaked content. As sensitive data and content is often stored across many companies, developing more robust security for corporate networks and high value video content can help reduce the risks.
Globally, individual data breaches in corporate networks cost on average $4 million, and it is up to $7.3 million for U.S. companies, according to IBM and Ponemon Institute’s 2016 Cost of Data Breach Study: Global Analysis. For many companies, cyber crime losses have also become a major factor effecting company performance.
Per a recent Forbes article, the top five weakest points for security breaches on corporate networks are employees, unsecure mobile devices, cloud storage applications, third party services and malicious software. Companies must anticipate the threats from all of these weak points as well as expect that new attack strategies can surface as hackers continually develop. But as cyber-attacks and breaches have risen to the point that they are almost inevitable, companies also need to mitigate the impact from a breach. There are many software tools available to help protect sensitive data and access to corporate networks. However, the software tools themselves can also be a weak point as malware can in some cases easily control software and even operating systems. In addition to software tools, hardware can also be used to enhance the security across a corporate network.
Hardware enhanced security for corporate networks
Software applications and even operating systems can be infiltrated by attackers that can access systems remotely from anywhere in the world. Once a system is compromised, attackers exfiltrate (siphon the data out of the enterprise) the data for their nefarious purposes. Software-only secured networks — no matter how sophisticated — are inherently hackable. Hardware-enhanced security for files and sensitive data can reduce the risk from a remote attacks and prevent sensitive data loss even if the physical device is stolen. Files themselves can be secured with hardened data encryption with solutions like Intel® Data Guard. Intel® Data Guard, available on 7th Gen Intel® Core™ vPro™ platforms, encrypts data at the point of creation. Encryption persists throughout the data lifecycle with access to data granted only to authorized users. Encrypted data at the hands of the attacker is now rendered useless. This allows employees to control file access even if the files are stored on a cloud or mobile device.
Misused and stolen user credentials cause 63 percent of today’s data breaches. Once a user name and password is compromised, it can be used to gain access to many services remotely without any association with the actual user. Intel® Authenticate is also available on 7th Gen Intel® Core™ vPro™ platforms and addresses this problem with hardware enhanced identity protection and supports customizable multifactor authentication. With Multifactor authentication, access is granted after a combination of factors – what you are, what you have and what you know are provided. Thus, Multifactor authentication adds additional security requirement for users who access systems. A user needs to confirm their identity through at least 2 factors such as password, mobile device proximity, fingerprint, or facial recognition. Moreover, with Intel Authenticate, all of these factors are stored directly in the hardware, raising the bar for security and making it harder for hackers to gain access to systems. Yet, it is easy to use from the employee’s perspective.
Securing content production and distribution in the cloud
A top target for hackers is pre-release movies or shows that can be used to extort content producers. This content can be stored on local machines, in the cloud, or at third party services. Even established security perimeters around these files have vulnerabilities. If a breach occurs, then ensuring the files are encoded and keys are stored securely is the first priority. But hardware-enhanced security can also add an additional security layer. Intel® Software Guard Extensions (Intel® SGX) can be used to protect these keys or sensitive data on devices that playback media files, but it can also be used in the cloud to protect media keys that are generated and shared between servers. Intel® SGX reduces the attack surface and controls access to keys by storing the sensitive data in enclaves that cannot be read or written from malware or a compromised operating system. Additionally this hardware assisted security with SGX can help secure files that extend across third party services or even edge networks during distribution.
Building hardware enhanced security perimeters is a good step to mitigate the impacts, but additionally, companies need to develop strategy and actively plan for scenarios in which their network or sensitive data is breached. Impacts from cyber-attacks are now a major cost factor for companies and proactively understanding how and where sensitive data is stored, potential security weaknesses, mitigation strategies, and new technologies to combat cyber-attacks is now a required corporate strategy… and it’s here to stay.
Jim Gordon is GM of Data Center and Client Security Platforms, Intel, USA, and was a speaker at DEG’s Fall 2017 Membership Meeting on Cyber Resilience in the Entertainment Industry.
For more information, please visit www.intel.com