Wave Systems Corp. (fka WAVXQ)

[Genz2]

Toxic Data: How 'Deepfakes' Threaten Cybersecurity

https://www.darkreading.com/application-security/toxic-data-how-deepfakes-threaten-cybersecurity-/a/d-id/1333538?_mc=KJH-Twitter-2018-12

The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.

"Fake news" is one of the most widely used phrases of our times. Never has there been such focus on the importance of being able to trust and validate the authenticity of shared information. But its lesser-understood counterpart, "deepfake," poses a much more insidious threat to the cybersecurity landscape — far more dangerous than a simple hack or data breach.

Deepfake activity was mostly limited to the artificial intelligence (AI) research community until late 2017, when a Reddit user who went by "Deepfakes" — a portmanteau of "deep learning" and "fake" — started posting digitally altered pornographic videos. This machine learning technique makes it possible to create audio and video of real people saying and doing things they never said or did. But Buzzfeed brought more visibility to Deepfakes and the ability to digitally manipulate content when it created a video that supposedly showed President Barack Obama mocking Donald Trump. In reality, deepfake technology had been used to superimpose President Obama's face onto footage of Jordan Peele, the Hollywood filmmaker.

This is just one example of a new wave of attacks that are growing quickly. They have the potential to cause significant harm to society overall and to organizations within the private and public sectors because they are hard to detect and equally hard to disprove.

The ability to manipulate content in such unprecedented ways generates a fundamental trust problem for consumers and brands, for decision makers and politicians, and for all media as information providers. The emerging era of AI and deep learning technologies will make the creation of deepfakes easier and more "realistic," to an extent where a new perceived reality is created. As a result, the potential to undermine trust and spread misinformation increases like never before.

To date, the industry has been focused on the unauthorized access of data. But the motivation behind and the anatomy of an attack has changed. Instead of stealing information or holding it ransom, a new breed of hackers now attempts to modify data while leaving it in place.

One study from Sonatype, a provider of DevOps-native tools, predicts that, by 2020, 50% of organizations will have suffered damage caused by fraudulent data and software. Companies today must safeguard the chain of custody for every digital asset in order to detect and deter data tampering.

The True Cost of Data Manipulation
There are many scenarios in which altered data can serve cybercriminals better than stolen information. One is financial gain: A competitor could tamper with financial account databases using a simple attack to multiply all the company's account receivables by a small random number. While a seemingly small variability in the data could go unnoticed by a casual observer, it could completely sabotage earnings reporting, which would ruin the company's relationship with its customers, partners, and investors.

Another motivation is changing perception. Nation-states could intercept news reports that are coming from an event and change those reports before they reach their destination. Intrusions that undercut data integrity have the potential to be a powerful arm of propaganda and misinformation by foreign governments.

Data tampering can also have a very real effect on the lives of individuals, especially within the healthcare and pharmaceutical industries. Attackers could alter information about the medications that patients are prescribed, instructions on how and when to take them, or records detailing allergies.

What do organizations need to consider to ensure that their digital assets remain safe from tampering? First, software developers must focus on building trust into every product, process, and transaction by looking more deeply into the enterprise systems and processes that store and exchange data. In the same way that data is backed up, mirrored, or encrypted, it continually needs to be validated to ensure its authenticity. This is especially critical if that data is being used by AI or machine learning applications to run simulations, to interact with consumers or partners, or for mission-critical decision-making and business operations.

The consequences of deepfake attacks are too large to ignore. It's no longer enough to install and maintain security systems in order to know that digital assets have been hacked and potentially stolen. The recent hacks on Marriott and Quora are the latest on the growing list of companies that have had their consumer data exposed. Now, companies also need to be able to validate the authenticity of their data, processes, and transactions.

If they can't, it's toxic.
=================================================================
Some more reasons to have organizations' sensitive information protected by Wave VSC 2.0 and Wave SED Management. Using the Wave Alternative could save organizations a lot of money and headaches.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

https://www.wavesys.com/products/wave-self-encrypting-drive-management
==================================================================
https://www.wavesys.com/wave-alternative

The IT perimeter is gone

With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.

It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.

You have to start with the device

Wave has an alternative: security that’s built into each and every device.

We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.

We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.

Security that’s confirmed, not assumed

With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.

A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.

Do we need to say that with Wave, compliance is no problem?

Start closing your security gaps today, with what you’ve got

You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.

It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.

Questions? Read on, or contact our sales department.