When hackers invade your company’s VPN, what sort of information will they have access too? This question is on the minds of many data management professionals who spend countless hours entertaining worse case hacking scenarios. No major or small corporation desires to be hacked, but in today’s corporate data management environment, it seems that a data breach is not an issue of if it will happen as much as it is an issue of when it will happen. It leaves many to wonder what is the best approach to securing a company’s sensitive data.
When the breach occurs, it is important to ensure that a hacker gets as little use out of a corporation’s sensitive data as possible. In fact, when going over worse case scenarios, it is sometimes better to operate from the perspective that instead of protecting against the attempts of hackers to compromise the data, how can the data rather be made useless to the hackers, even if it is stolen? If methods are in place to render the data useless to hackers, then this ends up being the ultimate deterrent to hackers, making their efforts obsolete.
Image Source: Pixabay
Rendering Data Useless
One way data management professionals have attempted to render data relatively useless to hackers is to encrypt the data. Encryption works by rewriting data in a seemingly unusable form, unless you have the cipher key needed to crack the encoding process to decrypt and retrieve the original information being encrypted. However, the problem with encryption is that it is usually just a matter of time before the encryption method being used gets cracked, leaving the data vulnerable to the hacker to view at will. With today’s high speed processors, hackers are getting faster and more efficient at breaking down encryption roadblocks, leaving sensitive corporate data open to potentially anyone with a computer and a slick angle to circumvent a company’s private network.
Big Data Salting
Another approach to dealing with hackers, which essentially can rob them of the time factor that usually works in their favor, is to overwhelm them with too much useless garbage data. If a corporate VPN contains mostly garbage data in chunks the size of mountains of big data sets, then it becomes virtually impossible for the hacker to know what information is useful and what information is intentionally tossed in to lead the hacker astray.
In this capacity, getting their hands on the data stored within a company’s private network does not ensure they can do much of anything with the data they have acquired. Without some type of map to help them navigate through the enormous piles of data to determine which portions of the data set are useful, the hacker is left to rely on little more than luck and perhaps trial and error to figure out if they can isolate some portion of the salted data set that might bring them profit.
Even if they are able to figure out how to use a tiny portion of the data they acquired, this is far better than their being able to know precisely which data is fake and which is not, which would give them the ability to cause even more than just minor damage to a company and its clients if they could make such clear distinctions.