One of the most ignored markets, but at the same time the most lucrative and important, is that of data processing, and today thousands of companies handle customer data that they have to protect. Therefore, it is not only necessary to have the servers well protected from intruders, but also to have the information well encrypted so that only we can read it and ultimately know how to discard the unused storage units.
Why has Morgan Stanley been fined?
The famous American investment bank has received a fine of 35 million dollars by the Securities and Exchange Commission for making a terrible disposal of all the storage units used in their servers. The cause of this has been that they hired a company without knowledge in the matter to get rid of hard drives that they contained private and sensitive information of its thousands of customers. In total there are 42 the number of affected systems.
The bank has decided not to respond to the SEC’s accusations, so He has not pleaded guilty and has not denied the charges.. Simply, he has limited himself to paying the fine. Although for that price, Morgan Stanley could have invested in more security and all this experience shows the importance of hardware for data protection, which we tend to despise or ignore.
No data encryption
Although the problem has been more serious due to the fact that Morgan Stanley has never used any of the data encryption techniques on the hard drives of its servers. So anyone who accesses those hard drives can easily get the information and at the same time said data is vulnerable to intrusion by third parties to the servers.
It is normal to use specialized hardware to encrypt the data In formats like AES-256, this relies on a specialized chip that executes a mathematical formula that converts the binary code on hard drives into another, in such a way that the data cannot be read. At the same time, the system is accompanied by another chip that performs this function in reverse to be able to recover the data. This allows the full recovery of the information locally.
In any case, with the attacks on NVIDIA a few months ago and UBER recently, it is becoming clear that companies often ignore these protection methods or rather do not do so and it is necessary to improve security in these cases.