Users Can Be Just As Dangerous As Hackers

Among the problems stemming from our systemic failure with cybersecurity, which range from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should: the insider threat.

But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad.

Most organizations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding.

However, on mobile devices these solutions have been less effective. Consumer messaging applications such as WhatsApp, Signal, Telegram, or even plain SMS are common in the workforce, and they sit outside the identity-management stack.

All of these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of protecting against outside attackers. However, e2ee also resists internal governance and compliance programs.

Even more troubling, these apps don't integrate with existing user-management tools. When an employee leaves the organization or changes roles, they need to be removed from every internal group conversation, but with ad-hoc consumer tools that removal depends on whoever administers each group, so it is nearly impossible to guarantee or audit.

One often-maligned technology that offers hope of resolving the tension between e2ee and governance is the blockchain. Bitcoin, which originally put blockchain in common parlance, is known for slow commits (a new block roughly every 10 minutes), low transaction throughput, and high monetary and environmental costs.

But blockchain technology has not stood still. Newer designs do away with Bitcoin's shortcomings while still offering trustless operation, where no single party has to be trusted to keep the shared record honest.

SpiderOak is a pioneer in using cryptography to protect data not only from criminals but also from the company itself, meaning that not even the company can read the information users store on its servers.

[The Hacker News]
