Most companies are building increasingly complex fortresses against external threats when they should be looking for the traitor within.
Damian Harvey, the new Australian country manager of global data security company Vormetric, says perimeter-based cyber security has repeatedly failed to stop breaches.
“Massive amounts of money are still being spent on firewalls, access monitoring and the like, when, frankly, the data itself is often walking right out the door and into the wrong hands,” he says.
“Data is the new currency. Whether you’re talking personal records, credit details, medical records, blueprints to a proprietary device – data is valuable to criminals.
“Everything from (former NSA contractor Edward) Snowden to the major retail breaches is confirming that cyber security has been focusing on the wrong thing, working from the outside to the inside, instead of the other way around.”
Stolen data, including details about people and their finances, can be bought on websites in Europe. Some also offer a money back guarantee that the data is genuine.
Harvey says Vormetric’s decision to launch in Australia was in response to a number of factors the increasing focus on compliance following the Australian Privacy Principles (APP) rules which came into effect on March 12.
“As a digital economy and society, we urgently need to adopt a ‘data-centric’ model and move away from the illusion that perimeter security is working,” he says.
“Almost any organisation will readily admit that data is its most valuable asset, often its crown jewels. This data may even be encrypted.
“But if you ask who’s holding the encryption keys to that data, you’ll frequently find that either people don’t know or that the keys are all in the hands of one person.
“If that’s the case, you might as well not have encryption, because your data is fundamentally insecure if you don’t have proper key management.
“While privileged users are vital to the operation of any network, and are usually deserving of trust, the stakes are too high – you don’t ever want your privileged users to be free to pillage your data.”
Harvey joined Vormetric from Oracle, where he most recently served as sales leader for Oracle virtualisation and specialist security solutions. He also was with the Australian Army specialising in encryption for the Royal Australian Corp of Signals.