On June 19th, BGR reported on a story of a hacker who stole "50GBs of data or bigger from over 79 large banks." This may not sound like much data to some, so allow me to put it in perspective. An A4 page contains on average 1,200 characters. One (1) GB (gigabyte) of data equates to approximately 894,784 A4 pages or 4,473 (200 page) books. And the BGR report claims "50GBs of data or bigger" was stolen.
Whether your corporate server runs on a Unix/Linux, a Microsoft or other operating system with a database service i.e. Oracle, SAP, MSSQL, MYSQL, etc. hackers install similar systems on their own servers in search of what is referred to as a “Zero Day Attack.”
A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits(actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability. The term derives from the age of the exploit. A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.[1]
Due to the limitation of human programming skills, zero-day attacks have and always will exist.
Conclusion. Sensitive information stored on a database, should never exist on an internet connected server or outside the corporate network.
Six Degrees Counterfeit Prevention (6DCP) is backed by a team of experts with over 50 years experience in IT Security and Cryptography. Sensitive to news like this as well as others, this team developed a unique anti-counterfeit, track and trace and marketing acceleration solution that eliminates the need for a database. Any financial adviser will tell you never to put all your eggs in one basket. And so will your IT professional.
Consider your serialization or anti-counterfeit system, or the one you'll soon be mandated to employ (if you're in the Pharma industry). For each product that is manufactured and marked with a serialized barcode, one (1) data base record is created. If 100,000 units were manufactured today, 100,000 database records were created as well. If a hacker were to penetrate the corporate database, they will have access to your company's proprietary information - your product data. If they've managed to gain access to these records, they most likely cracked the serialization methodology as well. Having this knowledge, a counterfeiter will be able to produce "genuine" serial numbers and subsequent data base records and introduce "authentic" product into the supply chain.
With our solution, we avoid this risk by a process referred to as Micro Data Base Less Encapsulation (MDLE). By encrypting and encapsulating an entire data base record into a 2D barcode (or RFID), we provide the capability to mark each individual product with it's own ultra secure, unique identifier. This protects our clients against tech savvy counterfeiters who not only know how to make a clean knock off, like rats can burrow their way through the most elite security systems.
Protecting the Consumer, protecting the Brand, eliminate the financial loss caused by counterfeiting. This is our mission.
If you'd like to learn more about how 6DCP can provide the following solutions, please do not hesitate to ask.
- Counterfeit Protection
- Diversion Detection
- Track and Trace
- Marketing Acceleration (Social Network Advertising)
- Document Security
- ID Card Protection
- Medical ID Cards
- Micro Payment Solution
FYI - This email contains approximately 30KB. Approximately 0.00004% of the data reported stolen in the article.