McDaniel’s cryptography expert on data breaches and information security
What’s the deal with all these data breaches lately? We asked Computer Science professor Sara Miner More to decode the recent phenomenon involving big box stores, mobile applications, and even institutions of higher education.
Most breaches don’t happen because of weak encryption, but rather because of what More calls social engineering: pretending to be trustworthy, perhaps as a bank or system administrator, to convince a target to reveal sensitive information, like account numbers or passwords.
Usually, this sensitive information is stored in an encrypted form, said More. This means the data is transformed so that only authorized people can read it, making it harder for thieves to use stolen information.
Preventing the bad guys from stealing information is challenging. It is easier to break in than to secure, said More. You can install high-tech locks on your front door, but if you leave the window open, you’ve lost already.
“An intruder, even electronically, only has to find one weakness that they have to exploit. So the person whose job it is to secure a system has a more difficult task,” she said.
The holiday season Target breach is a good example of this. Since the breach had to do with the credit card readers, the thieves got the information before the data even reached the encryption stage. One way that could happen is by modifying a software update with malware before the update is sent to all of the machines, More said.
With over a quarter of Americans affected by the Target breach, the issue of information security is rapidly gaining a presence in the media and society. What strikes More is that we didn’t start paying attention to this earlier.
“It just seems like every other week there’s another (breach) reported. I think part of it is the amount of information stolen, but I think as a society, we might just be more tuned into the idea of the digital records we’re leaving everywhere,” said More, whose courses this semester include “Modern Cryptography” and “Theory of Computation.”
“I guess it’s just taken time for people to get a handle on the number of organizations that have all this data about us,” she said. It’s the result of all of our online shopping, posting to Facebook, and storing passwords in our web browsers.
So how do you protect your information? “Anything you can do to compartmentalize what you’re doing online, so different passwords for different accounts, is a good technique,” said More, adding that it’s also important to run trusted security updates, and “the sooner the better.” Plus, since these breaches may happen regardless of your own level of vigilance, it would be wise to monitor your accounts for unauthorized charges.
Beyond personal information security issues, there are economic and national security concerns as well. As a country, we are not creating enough computer scientists to meet our growing need, More said.
“Clearly, we rely on electronic data more and more every day, and that’s not going to go away,” she said.