Security is Dead. Long Live Security.

Next: Sharks and Shpiony: A Conversation with Andrei Soldatov...
Previous: Should Companies Try to “Buy Back” Their Stolen...
Writer Danny R.
September 21, 2018

Danny is one of the founders of Terbium and is known around the office for his extended soliloquies and pontifications about the security industry. He blogs about global trends and the importance of knowing where one's data is on the dark web.

A few months ago, Andy Bochman of the Idaho National Lab published a piece in Harvard Business Review with this brutal opening paragraph.

It doesn’t matter how much your organization spends on the latest cybersecurity hardware, software, training, and staff or whether it has segregated its most essential systems from the rest. If your mission-critical systems are digital and connected in some form or fashion to the internet (even if you think they aren’t, it’s highly likely they are), they can never be made fully safe. Period .

We couldn’t agree more. Data has intrinsic value – think of it like money, just stored differently. We currently live in a world where actors use sophisticated tradecraft previously relegated to the shadowy world of government intelligence to steal intellectual property, pilfer credit cards, and wreak havoc on corporate IT systems. In this brave new world, defensive measures, while still necessary, are no longer sufficient. Data exposure at some level is inevitable for any organization, no matter how secure.

Mr. Bochman’s solution is to work to disconnect as many critical information systems from the internet as possible. That may be fine for oil refineries or voting systems, but even he acknowledges that in an economy where most businesses are becoming software businesses, disconnecting is fundamentally impossible. So how do we reconcile a world where we must stay connected, but where that connectivity leads to inevitable risk?

That’s where a proactive, intelligence-led security posture comes in. While you can’t stop everything, you can certainly use intelligence gathered from outside your perimeter to rapidly detect the things you’re missing, and you can use that intelligence to both respond more quickly and to plug security holes going forward. The evidence is clear—the faster you know about a potential data breach, the less damage occurs.

Providing that kind of intelligence is exactly Terbium’s mission. We look to the places where signs of data compromise appear—the so-called dark web—and work to tell you as quickly as possible when your organization’s data may be exposed. And we do all of this without compromising the privacy of your data. Using a whole host of technologies, from sophisticated automation to our patented data fingerprinting, we exist to reduce your risk of inevitable data exposure.

Andy is right—systems that are connected to the internet can never be made fully secure. But we can use data intelligence gathered from the dark web to proactively reduce the risk, and the harm, from that inevitable exposure of data. Get in touch today, and let us help your organization become more proactive in protecting its most important digital assets.

analysis July 09, 2018
The Terbium Take: Synthesizing Academia's Insights on Stolen Data

In an industry lacking a shared understanding of or framework for digital assets, we at Terbium Labs appreciate the analytical contributions from the academic and policy communities. In this post, we examine three papers...

technical April 16, 2018
Privacy, Regulation, and Data Fingerprinting

We at Terbium are big fans of GDPR. Not only have we argued that regulation has a strong role to play in ensuring individual privacy and security, but we’ve built our product, Matchlight, entirely...