If hackers can’t see your data, they can’t steal it either…

Dec 20, 2021

(article: By Dylan Popovic)

To beat a hacker, let’s think like a hacker.

The most common motives for cyber attacks in 2021 are Data Ransom, Identity Theft, Industrial Espionage and quite simply “just because they can”.

Ransomware attacks are typically the most profitable and unsurprisingly the fastest growing type of cyber attack. These attacks involves hackers penetrating systems (often through phishing emails or ‘watering hole’ websites) and copying and/or encrypting data for financial gain.

The motivation usually falls in one of these categories:

    • Reputational blackmail – attackers get hold of sensitive data, often containing client or commercially sensitive data, and request a Bitcoin ransom in order not to make the data public.
    • System downtime ransom – attackers render data and systems unavailable by means of encrypting them in situ and request a ransom payment in order to provide a decryption key to restore access.

Most organisations feel relatively comfortable by the latter threat (data encryption) due to advances of backup technology and rightly or wrongly believing that they can restore their systems from last night’s backups. After all, very few SMEs would collapse if they lost 15 hours of data.
Understandably though, reputational blackmail is a worry shared by over 80% of CTOs and business owners.

“If my client’s confidential data ends up on a public website for the whole world to see, my business is finished overnight!”

But are we thinking about this all wrong?

The general starting point in securing sensitive data is to prevent unauthorised access to the data. Companies will typically invest considerable sums into firewalls, securing access to file servers using least privilege principles, multi factor authentication; the list goes on.

But what if we encrypted the data before the hackers get to it?

If hackers can’t see your data because it’s encrypted to begin with, there is nothing they can steal or blackmail you against.

Microsoft Information Protection offers a comprehensive set of tools to achieve just this.

Azure Information Protection | Microsoft Azure

Purple Matrix is a Microsoft Gold Partner with 21 years of experience in cyber security and cloud technologies.
If your organisation would benefit from working with an out-of-the-box thinking IT company then get in touch!