How do you secure data against Industrial Espionage?

In early January 2018, Intel Corp admitted that a vast majority of processors running globally across computers, smartphones and other devices are highly susceptible to espionage and data leaks due to a ‘design flaw’.

Flawed by design

However, if we look at the issue objectively, it isn’t really a surprise. While there have been popular theories of chip manufacturers across the globe being targets for spy agencies, it is no secret that attempts have been made (some successfully, we may say) in successfully infusing chips with intelligence gathering capabilities. This definitely makes us ponder on the thought that espionage need not only happen at the application level or on the surface of an operating system. Embedding is a logical development. The weakness has been implanted by design.

Possible fallout

Bloomberg, in its immediate response to Intel’s statement, published an educative article in Money’s Technology section that goes a little deeper into the issue. (1)

“Modern processors guess what they’ll have to do next and fetch the data they think they’ll need. That makes everything from supercomputers to smartphones zippy. Unfortunately, as Google researchers discovered, it also provides a way for bad actors to read data that had been thought to be secure. In a worst-case scenario, that would let someone access your passwords.” Bloomberg ominously adds, “There’s been no report so far of anyone’s computer being attacked in this manner, but in theory this puts important data at risk.”

Is there a defence mechanism to protect data?

Interestingly, a couple of months prior to publishing this blog post, the Chairman of SECUDE, Dr. Heiner Kromer in his blog post titled ‘Perceptions of a Serial Entrepreneur (Part 7): The Age of Electronic Intelligence’ (published in LinkedIn) states, “All governments are in this game of electronic cat and mouse. Interestingly, so are many IT companies. Why do you think Intel bought a very good security company? Yes, to create embedded defenses. But on the other hand, can you think without back doors embedded at the same time? I believe that’s how the Israelis delayed the Iranian atomic program – by manipulating chips. Security starts to be a problem on the board itself. Control the chip market and you have reach bypassing any security. It is impossible to avoid this scenario.”

A credible defence solution against such threats is encryption of sensitive data before storage and also encryption of downloaded data before sharing through the internet, archiving, storage on devices or on the cloud (Dropbox), and so on.

Have you thought about securing your sensitive data through encryption? If you are an SAP user with Microsoft 360, SECUDE has just the solution – leverage Microsoft AIP through HALOCORE®. For more information, read about the solution here.

Reference

[1] Almost Every Computer and Smartphone Has a Big Security Flaw. Here’s What You Need to Know

[2] Perceptions of a Serial Entrepreneur (Part 7): The Age of Electronic Intelligence