It has been yet another challenging week in terms of security. Not only have we discovered that supposedly “friendly” governments are discreetly seeking surveillance data related to push notifications, but Apple has revealed that over the past two years, more than 2.6 billion personal records have fallen victim to data breaches.
The suggestion seems to be that to ensure the safety of our online data, the most effective approach might be to avoid storing it altogether. The recently commissioned Apple study, titled “The Continued Threat to Personal Data,” appears to reinforce the company’s stance on the necessity of robust end-to-end data encryption and security measures.
The need for such a report feels tragic, considering how apparent it is to those outside certain governmental circles that securing data involves protecting it rather than introducing intentional vulnerabilities. Unfortunately, this seems to be the current state of affairs.
Regarding Apple’s perspective, Craig Federighi, the senior vice president of software engineering, issued a warning in a statement:
“Bad actors continue to invest significant time and resources in devising more innovative and effective methods to steal consumer data, and we remain committed to thwarting their efforts. As the threats to consumer data escalate, we will persist in our endeavors to enhance protections on behalf of our users, introducing even more robust safeguards.”
The Speed Of Cyber Attacks Is Increasing At An Alarming Rate
A study led by Stuart Madnick, a Massachusetts Institute of Technology professor, has provided compelling evidence that data breaches have evolved into a global epidemic. The instances of data breaches have more than tripled from 2013 to 2022 and show no signs of abating in 2023.
The key takeaway is the urgent need for mandatory and robust protection against breaches. Particularly, technologies like end-to-end encryption gain heightened importance in the face of efforts by criminals and government-backed spies to infiltrate the servers where your data resides.
The significance of this protection becomes evident when even the server itself is incapable of understanding or reading the information it holds. If the server remains unreadable, the likelihood of perpetrators deciphering it diminishes.
Advanced Protection Is Highlighted In The Report
Apple’s existing data protection measures already encompass encrypting critical information such as passwords. Although some limitations exist, Advanced Data Protection extends this safeguard to additional aspects like Notes, iCloud Backup, and Photos.
The escalating momentum of cyber attacks should concern anyone navigating the online space. In the United States alone, there has been nearly a 20% increase in breaches within the first nine months of 2023 compared to any previous year, as reported by Apple. The study also cautions that over 80% of breaches involve data stored in the cloud, with attacks against cloud infrastructure nearly doubling from 2021 to 2022.
According to consensus among security experts, the sophistication and resourcing of attackers are on the rise. Some hackers have even established help desks to assist affected customers. Ransomware has emerged as a lucrative business, benefiting from more advanced attackers who adeptly gather and combine small data to compromise security at various organizational levels.
Simen Van der Perre, a strategic advisor at Orange Cyberdefense, highlights that many sophisticated ransomware attacks unfold over time in distinct stages. In this evolving landscape, every minor vulnerability should be anticipated and scrutinized as hackers continuously adapt their methods to overcome once-effective security practices. Consequently, organizations with the most robust security practices are now vulnerable to threats in ways that were not prevalent just a few years ago, as noted by Apple.
Encrypt Everything To Stay Protected Against Attacks
“In recent years, we’ve witnessed an unprecedented surge in both the quantity and sophistication of cyber threats. Attacks are becoming more tailored as criminals aim for maximum impact and profit,” states Bernardo Pillot, INTERPOL’s Assistant Director of Cybercrime Operations, quoted in the report.
Ensuring that data remains incomprehensible even if accessed is the cornerstone of the company’s personal and enterprise security approach. If someone gains unauthorized access to your online data but can’t decipher it, your data remains effectively secure.
Data poses challenges for employees and users and the numerous data lakes held by different firms, making them potential targets. Incidents of data breaches in data brokers and government-related systems underscore the need for more effective protection of the information these systems hold about individuals.
Apple issues a warning about the increased collection of personal data by corporations, governments, and various organizations due to people living more of their lives online. The interconnected nature of global business poses risks, as a successful hack against a small supplier can provide attackers access to information stored on servers of a much larger company, putting everyone at risk.
Such attacks have the potential to damage customer relationships and bankrupt companies. Nations that remove end-to-end encryption protection for consumers and businesses must recognize the risks they take with their population’s digital security and enterprise success.
Solid and robust digital protection is essential in a connected world, and weakening it is a luxury that no one can afford.