After yesterday’s announcement from the FTC regarding the breach in data security in peer-to-peer (P2P) networks, I spoke with Scott Harrer, Director of Brand Development at Tiversa, which is currently the only company providing data security protection in a peer-to-peer network.
If you don’t know what a P2P network is, I recommend you start with a little background information that defines what it is and how it works so you can identify your risk.
This type of breach is more common than consumers and businesses might realize. An astonishing 93% of the disclosures that are breached emanate from the “extended enterprise.” This means they are happening outside the main organization (partners, customers, telecommuters, suppliers, etc.).
According to Scott Harrer, Tiversa has been talking about security breaches in P2P for seven years and the company is now starting to see more breaches talked about in the news. Tiversa offers protection against these breaches through a patented technology that allows users to see all the global P2P networks, multiple network protocols, clients, and applications as one single entity. This allows Tiversa to see two very distinct and different things. First, Tiversa sees user-specific searches, which now number in the 1 billion range per day, targeting personal information, credit card information, personal patient records, security diagrams, and corporate databases among other sensitive data, coming through a network that most people believe is just for music or software.
As pioneers in the field of P2P security and P2P intelligence, Tiversa is the only company that offers protection for its clients ranging from Small-to-Medium Sized Businesses (SMBs) to enterprise clients. Specifically, it provides its clients with visibility in their “extended enterprise”—a term Tiversa uses to describe the area outside of the clients’ four walls. According to Harrer, “Most security solutions are focused on the organizations’ four walls. Tiversa focuses on that and beyond to help them mitigate these types of disclosures and secure the sensitive data.”
Tiversa uses highly automated and proprietary systems and processes that alert a team of cyber forensic analysts to physically review a breach when one occurs. The cyber forensic analysts determine the actual disclosure source and interface with the client to discuss the breach and provide mitigation steps for the client to take to prevent additional breaches.
Here’s an example:
Once the data is released on the P2P network, Tiversa has the real-time capability to detect it. Scott Harrer explains, “Generally, there’s a 48-hour window before the file virally spreads.” In that time period, Tiversa detects breaches as they occur on the network, mitigates them, and shuts down the breach. Scott offers this explanation of future breaches: “If the same file pops up on the network in the future, Tiversa’s alert notification is proof that the mediation effort the client implemented wasn’t effective. A lot of times, it’s a matter of educating employees, having a comprehensive program, and protocol.”
Tiversa offers P2P intelligence services to businesses but partners with LifeLock to offer protection for consumers. The LifeLock Personal Breach Detection™ actively monitors unregulated internet and file-sharing networks for their clients’ identity information. If a client is at risk, LifeLock sends email alerts to help protect against accidental personal information disclosures.
Due to the sensitivity of the work relationship and type of work performed, Tiversa does not publicly disclose details about the type of work they do with governmental agencies.
The bottom line is this:
People are, basically, unintentionally sharing their hard drives, either by using P2P software or because of malware. Tiversa sees and is able to detect, in real time, files being disclosed by millions of people, including corporate information, patent information, applications, and other sensitive data.
In light of yesterday’s announcement by the FTC, when asked, Scott shared that, to his knowledge, the FTC is running an independent P2P investigation in relation to sensitive data disclosures. Tiversa has had about a dozen companies call explaining that they have received a letter from the FTC, which contains much more detail than the sample letters disclosed by the FTC on the internet.
Scott’s advice is this: “Remember, it’s just as easy to obtain someone’s tax and Social Security Number in a search as a Madonna song search. It’s that easy—it literally only takes a matter of seconds to issue a search to see sensitive data.”
Identity theft is occurring at staggering levels and the current trend is that it’s occurring more frequently on P2P networks. If you don’t think this is a serious matter, think again. P2P Internet traffic is expected to grow almost 400% over the next 5 years, according to MultiMedia Intelligence. For more information, view identity theft statistics.
Know what to do to protect yourself and your customers. Don’t put your company, your employees, or your customers at risk. Learn more about P2P network security breaches and the protection that is available.
For more information, see the FTC.
© 2010 Jennifer L. Taylor, National Marketing Examiner dba The Word Tailor

Comments
In David Scott's words, everyone needs to be a mini-Security Officer in the modern organization today. I think Mr. Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary, an eCulture, for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS, check out a couple of links down, and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).
The Distributed Computing Industry Association (DCIA) supports the statement made by the US Federal Trade Commission (FTC) on Monday, not only with words but also with its actions. The Inadvertent Sharing Protection Working Group (ISPG) is a DCIA-sponsored industry-wide program introduced in July 2008 that has been working with the private sector and FTC staff to address the issues Chairman Leibowitz spoke about in his statement.
Compliance reports began to be compiled and submitted one year ago from top brands representing implementations of P2P technologies ranging from downloading to live-streaming, from open consumer file-sharing environments to secure corporate intranet deployments, and from user-generated to professionally produced content.
Representative examples of these are BitTorrent and LimeWire. In the case of BitTorrent and software programs that use BitTorrent, it is unlikely that a user can inadvertently share data because of the multiple intentional steps involved.
In the case of LimeWire, the company literally rebuilt its software to protect users from accidentally sharing their personal or sensitive data.
The distributed computing industry takes the safety of consumers very seriously. Once this concern was recognized, it responded proactively.
The fact remains, however, that the amount of confidential data that is in distribution on the Internet is cumulative. Material that was accidentally disclosed years ago is still floating around. And more recently leaked data is also accessible. The entire focus of ISPG so far has been to shore up the sources of such unintended file uploads in the first place. Removing items that are already in circulation on the web is a problem of a different order of magnitude and one that this group is just starting to investigate.
The ISPG's best advice now - to parents and children alike - is similar to that given by other Internet software distributors: PLEASE UPGRADE TO THE LATEST VERSION FOR THE BEST PERFORMANCE AND THE SAFEST EXPERIENCE.
For public and private sector institutions that require workers to handle classified information: PLEASE DISCONNECT YOUR COMPUTER FROM THE INTERNET WHILE WORKING ON HIGH-SECURITY PROJECTS AND REMOVE SENSITIVE DATA FROM YOUR DEVICE BEFORE RECONNECTING.
Also, along with actively participating in this program, summarized here, the DCIA encourages file-sharing software distributors to direct users to the Onguard Online website pages dedicated to File-Sharing Safety.
The DCIA was less enthusiastic about news that Senators Amy Klobuchar (D-MN) and John Thune (R-SD) misguidedly introduced legislation on Wednesday "to inform Internet users of the privacy and security risks associated with file-sharing software programs."
Such measures tend to be technologically outdated before they can be finalized and signed into law, result in unintended consequences that stifle commercial innovation, and prove to be unenforceable given that the Internet is a global medium.
The industry has moved to address inadvertent uploading of sensitive data by shoring up the entry points in file-sharing software.
This issue has moved now to institutional policies for managing data securely and to the removal of confidential data already in circulation. Nevertheless, the DCIA will engage with Senate staff to minimize collateral damage.