Putting politics aside, the damaging results of Russian activities described in the NCCIC «GRIZZLY STEPPE – Russian Malicious Cyber Activity» and the «Assessing Russian Activities and Intentions in Recent US Elections» are very disturbing. However, the most critical issue is that the report suggests that a New Normal is present and that «Moscow will apply lessons learned from its campaign aimed at the US presidential election to further influence efforts in the United States and worldwide, including against US allies and their election processes.»
In CloudMask’s opinion, the «Recommended Mitigations» in the report will not sufficiently address the issue of email hacking. A more comprehensive approach is to use the Snowden Playbook that recommends using encryption not only for email during the transaction (in transit) but also for the archived email and data «at rest» on each computing device.
Dr. Aggan, CloudMask’s CEO stated: «It is important to understand that if the hacker can access your email for 10 minutes, he/she will copy all the information stored in your email account (such as Inbox, Sent, and Archived), not just the current message. Your data is snatched before you realize that you are hacked or ever realize that you have been hacked,» he added. » Encryption of all stored email is a must; the hacker will not sit watching and snooping on every message and be at the risk of you discovering the penetration.»
Dr. Aggan added, «The main problem of our traditional security stand, and in the NCCIC recommendations, is the fact that most cybersecurity these days are designed to keep attackers out, which, history has shown, isn’t a viable strategy. We need to protect our data; not only the active data but also the archived datasets. In most cases, archived data is more critical and damaging as compared to the active ones.»
Private industry and governments are in a perpetual catch-up race with malicious actors, intent on nefarious objectives. CloudMask provides a different solution; to protect data itself, not its accessibility. In the case of Secretary of State Clinton and the DNC, had their email been protected with CloudMask’s data anonymization platform, the information obtained by the Russians would have been illegible, therefore maintaining its confidentiality. One can only speculate how this would have changed the world.
We should not limit our attention to Russia alone as other state actors, organized crime, and disgruntled employees are also sources of political and economic malfeasance. Governments and private businesses must take the actions required to properly protect its interests.