Using Blockchain Bounties to Stop Document Leaks and Data Breaches
After protecting over 300 000 movies from piracy, Custos is expanding to documents.
In 2017 Apple held a big internal meeting to reveal the software roadmap with hundreds of their developers in attendance. Apple is known to be incredibly secretive about new product launches, as they argue they “want the chance to tell our customers why the product is great, and not have that done poorly by someone else,” which makes complete sense. In the group of attendees, one bad apple (excuse the pun) leaked information to the media. After a lengthy investigation, the culprit was found, and reportedly told the internal investigators that he leaked the information because he “thought he wouldn’t be discovered.” Well, this might have been true before we figured out how to use Blockchain to trace leaks directly to their source, but more on that later.
The 2018 Cost of Data Breach Study by IBM and Ponemon found that on average a data breach costs $3.83 million in direct and indirect costs. Within the next 24 months 27.9% of large companies will be the victim of a breach — In South Africa, it’s closer to 43%. This is a genuinely global and persistent problem.
The report does have a silver lining — if breaches are detected and contained within 30 days, it saves over $1million on average in direct and indirect costs.
Data breach mitigation has three critical components:
- Protection: products and procedures to limit the illicit spread of data
- Detection: finding leaked content on- and offline, and identifying sources
- Response: plugging leaks and mitigating damage
The limit of protection technologies is that at some point the data needs to be readable by a human. At that point, someone that wants to leak data cannot effectively be blocked from doing so using technical means — A full 48% of data breaches resulted from criminal or malicious human action, frequently from insiders.
When you have someone on your team that wants to leak data and are confident that they won’t get caught, they will succeed.
That’s where detection comes in.
Rapid detection of breaches is the most effective lever to reduce direct and indirect damage. On average, it currently takes almost 200 days to detect a data breach. Imagine your competitor knowing your designs or plans, or criminals getting your customer data, more than half a year before you can start reacting.
Typically breaches are only discovered when data is found on the public internet, whereafter it takes on average a further 70 days to respond to the leak. No wonder leakers like the bad apple mentioned above are not afraid of being caught.
Enter Custos.
The Custos solution integrates with existing information management platforms or workflows and adds a unique forensic watermark and blockchain bounty to each copy of a document that is distributed.
Each sender and recipient of a document is recorded on the blockchain. When a leaked document is found, the source of the leak can immediately be identified.
The real magic — the secret sauce with which we effectively stopped piracy in the video space — is that every person who received an illicit copy of a document is given a monetary incentive to anonymously blow the whistle on the leak.
The Bitcoin bounty that is added to each copy of a document can be claimed by anyone anywhere — and the senders and recipients of the document know this. It creates a credible threat of detection — You might be confident that a competitor or journalist will not leak your identity on purpose, but are you confident that they will not take a $1000 bounty? Maybe. Are you sure everyone that has access to the document can be trusted? Definitely not.
If a bounty is claimed, the sender and receiver of a document are immediately identified through the blockchain, and the breach can be responded to. Rapid detection allows for a swift response and the mitigation of any serious direct or indirect costs.
It is our goal over the next two years to reduce the rate of data breaches for our customers by more than 99% — just like we did for our film customers for whom we have protected over 300 000 movies. We won’t let a bad apple spoil the bunch.
