It is an irony of the times we live in that, while the need to secure our data becomes more urgent and the consequences of failing to do so become more dire, the internet is becoming a more dangerous place. The number of companies suffering data breaches has grown steadily over the last 10 years, and so has the size and scope of these attacks. Consider the 2017 attack on Equifax [1], which leaked the details of half the American population, or the attack on Marriott [2], which leaked the details of half a billion guests. It is essential nowadays to guard ourselves and our data more carefully and diligently than ever.
Failing to protect your system will hurt
Data breaches have real, financial consequences. Sony received a fine of $400,000, while Equifax received one of $660,000 for their failure to protect users. If that doesn’t grab your attention, then consider the eye-watering $148 million fine meted out to Uber by US authorities after a successful attack on their systems in 2016 [3]. There are other, less tangible consequences of failing to properly secure your systems: the loss of reputation, the loss of customers’ trust, and the very real harm that can be inflicted on individuals whose private medical or financial data finds its way into the sticky fingers of the highest bidder on the dark web.
So, what can we do to protect systems from these threats? There are many approaches and philosophies, depending on your area of expertise. Since I am a software engineer, I will give my thoughts from this perspective.
Security must be baked into your system from the beginning. It cannot be bolted on at a later stage. It is never too early to start thinking about how to secure your system. There are 4 stages to implementing good security:
This is the phase most people are familiar with. Simply put, it involves preventing unauthorised people from accessing your system. We have all encountered the basic tools of this phase: strong passwords and PIN numbers, or, more recently, fingerprint scanners and facial ID, as on newer Apple devices. But going deeper, there is a responsibility on designers to protect against the common attacks deployed by hackers, such as cross-site scripting or SQL injection. Essentially these are attacks that target websites or other endpoints that are unprotected and do not prevent rogue actors from executing malicious commands in your system. Geographical firewalling is another common technique. If your customer is based in Europe, then you should not be allowing computers from China to connect! Tying sessions to IP addresses is a good way of stopping hackers from hijacking an innocent user’s session to infiltrate your network. All these protections are designed to ensure that only people who have a right to access your system and the data it contains may do so. The result should be a layered system where, if the attacker breaks through one of your defences (e.g. they acquire a user password), they are still faced with the next wall.
The only thing worse than a breach is a breach you don’t know about! Apart from leaving you extremely vulnerable to further attacks, you run the risk of a PR disaster when your users first hear about it in the press or from a blackmailer. Any secure system must be able to detect attacks, both successful and unsuccessful. This allows you to respond quickly, assess the damage and close the hole to future intrusions.
Logging is the most basic requirement of a secure system. Log everything! Every logon attempt, every user interaction, every request for data. If something goes wrong, then you have a record of what happened, when and how. Monitoring tools can provide alerts for suspicious activity via email, text or instant messaging. If you are lucky, you can block the attack before it succeeds. If not, at least you can shut it down quickly and assess the damage. Many countries and jurisdictions now have laws in place requiring companies to disclose details of any breaches. Such a task is made much easier if you actually have a record of what happened. To quote a cliché, ‘knowledge is power’, even if sometimes that knowledge is the unpleasant awareness that you are under attack.
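The kind of alert this paragraph describes, as an added Python example (not code from the original post or from Infocare’s system): it reads constructed log lines in an assumed format and raises an alert when one source address produces five failed logons within five minutes, regardless of which user accounts it tried.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample log lines in a format this example assumes:
# "<ISO timestamp> <event> user=<name> ip=<address>"
SAMPLE_LOG = """\
2024-03-01T10:00:01 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T10:00:03 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T10:00:04 LOGIN_OK user=bob ip=198.51.100.7
2024-03-01T10:00:06 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T10:00:08 LOGIN_FAIL user=carol ip=203.0.113.5
2024-03-01T10:00:09 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T10:07:00 LOGIN_FAIL user=dave ip=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) ip=(\S+)$")


def find_bruteforce(log_text: str, threshold: int = 5,
                    window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, datetime]]:
    """Return (ip, timestamp) alerts for every burst of `threshold` failed
    logons from one source IP inside a sliding time window.

    Counting per IP rather than per user catches an attacker who spreads
    guesses across many accounts (alice and carol above)."""
    failures = defaultdict(deque)  # ip -> recent failure timestamps
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real monitor should count these too
        ts_str, event, _user, ip = m.groups()
        if event != "LOGIN_FAIL":
            continue
        ts = datetime.fromisoformat(ts_str)
        recent = failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if len(recent) >= threshold:
            alerts.append((ip, ts))
            recent.clear()  # one alert per burst, not one per extra failure
    return alerts
```

In practice the alert would be pushed to the email, text or chat channel the paragraph mentions; here it is simply returned so the logic can be checked.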
However, as the numerous, widely reported breaches of recent years have unfortunately shown, even the best-protected systems may be infiltrated. If companies like Microsoft [4] and Sony [5] can be victims of hackers, then it is reasonable to prepare for such an event in your system. Damage control means limiting the harm if a breach does occur.
Encryption is the most common tool here: if a hacker does access your data and it is encrypted, it is of far less value to them. Never store passwords or security answers in plain text; store them as hashes instead. Then, if they are leaked, they are of little use to anyone. For extra protection, you can add a salt and a pepper to the hashes, making them even more secure. This simply means adding extra randomness to the hashing process to make the hashes harder to crack.
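As an added Python example (not code from the original post or from Infocare’s system), a sketch of the scheme just described: each password gets its own random salt, stored beside the hash, while the pepper is a secret held outside the database, so a leaked table of hashes cannot be verified or cracked without it. The pepper value, the storage format and the iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# The pepper is a server-side secret kept outside the database (for example in
# an environment variable or a secrets manager). Constructed placeholder value;
# a real deployment would load a long random secret here.
PEPPER = os.environ.get("PASSWORD_PEPPER", "constructed-example-pepper").encode()
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware gets faster


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt_hex$hash_hex', the record stored in the database."""
    salt = salt if salt is not None else os.urandom(16)  # per-user random salt
    # The pepper is mixed in via HMAC, so the stored record never reveals it.
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str, pepper: bytes = PEPPER) -> bool:
    """Recompute the hash from the stored salt and iteration count and compare."""
    iterations, salt_hex, digest_hex = stored.split("$")
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered,
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)
```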
Siloing is another common method for limiting data loss. A well-designed system should place different data in different, independent locations, or silos. Medical records do not belong in the same database as financial data. Then, if a bad actor does gain access to part of your system, they will at least be limited to just the data in the area they breached.
Permissions can also mitigate losses in the event of a successful attack. Users should only have permissions to access parts of the system that are relevant to them. If a user account is hijacked, then the attacker will only be able to access the same areas that the user could, and not the entire system.
The end goal is to limit the data lost and the damage done to a system in the unfortunate case that your defences are overcome.
The final link in the armour of secure software is constant re-evaluation. Over time, threats evolve, new ones emerge and the systems they target change. A system that is not maintained cannot stay secure forever or, in today’s world, for very long. It is therefore essential that you constantly re-evaluate your security. Regular penetration testing by an independent expert can probe your system for any holes that changes or updates might have introduced, as well as trying out new forms of attack to check for undiscovered vulnerabilities. Finding a security issue in your own system is always preferable to a hacker finding it first, as it gives you time to fix it before it can be exploited.
Soteria and Security
At Infocare, it has been apparent from the beginning that, since we were dealing with such sensitive data, security has to be of paramount importance in our designs. The decision to use the iPad for our mobile app was based partly on Apple’s well-known and rigorous security requirements for their devices [6, 7]. All data stored on the iPad is automatically encrypted, and Infocare also adds further encryption on top of this. We use all of the techniques mentioned above, and more, to prevent unauthorised access to our system: strong passwords, IP address checking and firewalling, as well as other barriers to intruders. Highly sensitive data like passwords or security answers are never stored in plaintext in our system. Rather, they are stored as cryptographic hashes which have been peppered to make them even more secure. All our data is siloed and permission-protected. We have extensive logging, making sure that nothing happens in our system that we do not know about, and any suspicious activity will immediately trigger alerts for us to investigate. We regularly employ trusted companies to perform penetration testing on the Soteria system to ensure that it remains as protected as possible.
Data security should never, ever be taken for granted or neglected. The harm that can be done to the individual victims and to the companies they trusted is simply too great in the digital age for us to be anything but at our most vigilant. Soteria is designed to be a safe, protected system for our users and we strive to keep it that way, whatever the future holds.