Why you can’t afford NOT to use a true encrypted cloud backup in 2021

July 23, 2021
Encryption 101

In a world of rising cyber-attacks, an encrypted cloud backup is your most valuable asset. As the saying goes, it’s always better to be safe than sorry, and the cloud is not nearly as safe as you think it is. Online data theft is growing at an alarming rate. In 2020, the number of records exposed reached 36 billion - the worst year in history [1]. And it’s not just data breaches. Last year, ransomware attacks spiked by 700% compared to 2019 [2], for a total cost of damages in the ballpark of $20 billion [3].


There's nothing surprising about this. When it comes to cloud storage, security is often overlooked. And despite popular belief, the targets of cyber-criminals are not large organizations. According to the 2021 Ransomware Statistics, Data, & Trends, one in five victims is a small to mid-sized business [4]. This is shocking when you consider that 20% of SMBs don't use any cybersecurity - at all [5]. Why? 57% believe it won't happen to them [6], while the rest either doesn't know about it or thinks the risk is not worth the investment.


Is there a solution? Indeed there is: a true encrypted cloud backup for all your data. And as criminals increasingly jeopardize businesses and consumers in what has been an eventful twelve months, encryption is something which we all should be taking seriously. And little by little, the general public is coming to this very conclusion. Supply-chain raids, like those of SolarWinds [7] and Colonial Pipeline [8], have brought encryption into the limelight once again. 


[Figure: Colonial Pipeline map. Source: Wikipedia]

While we're still in the early stages of consumer and business adoption, the encrypted cloud backup market is expected to grow by $2.82 bn, progressing at a CAGR of over 38% in 2020-2025 [9]. But even as the industry moves forward, businesses still might not be fully aware of how important encryption is when using the cloud - a risk that you cannot afford to overlook.


All the ways they could hack into your traditional encrypted cloud backup


What does encrypted cloud backup really mean? In short, it means having a backup on the cloud encrypted with AES-256 or some other cipher. Due to the nature of cryptography, it is impossible to decrypt the file without the encryption key (well, not actually impossible - it just takes longer than the age of the universe, so there’s that).

But if it’s that easy to make a file backup inaccessible, why is it that we so often hear that this or that cloud storage platform has been breached for tens of millions of users [10]? Because, regardless of encryption, there is still a workaround to hack into traditional cloud services - it’s called social engineering.


Social engineering is pretty straightforward: rather than attacking the server storing the encryption key, you manipulate those who already have access to the server to let you in. For the attack to be successful, the perpetrator must investigate the target the same way a murderer studies their own victims, taking notes on any weak points and vulnerabilities. 

Once they have gathered enough information, phase two starts: executing the attack. There are several ways to do this, baiting being the easiest one. Basically, you leave a malware-infected flash drive somewhere you know the target is going to see it, and let curiosity (or greed) do the rest. For instance, you could repurpose a Bitcoin hardware wallet into a trojan horse, or just label a falsely innocuous USB key with some of the target's coworkers' names. Truth be told, you don’t even need to go that far when half of people plug in USB drives they find in the parking lot [11].


But physical drives are not the be-all and end-all of baiting. You could disguise a virus as a torrent [12], or really, let your imagination go wild. Just think: how many times a day do you download something from the internet without knowing the real source? Maybe you have already been pwned and you don’t know it yet [13].

Then there’s scareware. Scareware is like that thing they do in heist movies when, in order to rob a bank, they dress up as guards and enter the building through the front door. It works like this: you deceive the target into thinking their system is infected with malware, then you provide them with a solution, which is, in fact, malware. Your malware.


A popular way to pull this off is the browlock.


Long story short, you spam the target’s browser with a large amount of authorization confirmation prompts to hijack their device. As a cherry on top, you display an alert on the screen, urging them to call a fake support page for instructions on how to fix the bug. It might sound weird but, really - it happens all the time [14].

And what about phishing? If scareware and baiting are not (yet) media sensations, phishing certainly is. At least after the much-discussed phishing attack that spread nudes of Hollywood celebrities all over 4chan in 2014 [15]. And with all the notifications we receive on an average day, it’s almost as easy as pie. 




First, you have to know the target's email account. Once you know that, you send them fake emails pretending to be Google or Facebook or whatever, and ask them for their username and password. Alternatively, you clone a website the target visits often, and ask them for their credentials.


See? That's how tricky phishing is: it's not that you really hack into their servers. They let you in. Willingly. If scareware is like pretending to be a guard to talk the actual guards into giving you access to the bank, phishing is like building a doppelganger bank and welcoming the real guards. Pretty nasty, huh?


And then there’s the wrench attack.


[Figure: comic illustrating the wrench attack. Source: XKCD.]

If you think about it - I mean, if you really think this through - the wrench attack is the embodiment of all software hacks. Data breaches are not actually breaches. Most of the time, someone left the door unlocked. In other words, it’s a human error. [16]


Why Google is not your friend



If you’ve reached this far, you probably realize where this is going. That is: Google (and all traditional cloud services, for what it’s worth) are not your friend. Meaning: they can’t be trusted with your data. Why? Because they’re prone to human error. As I told you, encryption is not the key to all problems. It all comes down to where encryption keys are stored and how they are secured. In Google’s case, they store them on their servers. In fact, Google’s entire business model is built around holding your encryption keys. Think about it.


How does Google make money? Data. It’s an advertising company. They “organize the world’s information” - or, in non-marketing jargon, they mine your stuff through machine learning, profile you, and sell access to your eyes via personalized ads. Which is codeword for - they teach the highest bidder how to manipulate you into buying their products. [17]


So far so good, right? No. But even assuming it’s ok, that’s not (all) you should be concerned about. What you should really be concerned about is that, in order to execute this plan, they hold the key to your entire digital life. Meaning: your data, your most precious and personal information, however protected they might purport it to be, is vulnerable to human error. Or, to put it another way, their employees and whoever has access to them are security holes in your encrypted digital utopia. You think that by trusting Big Tech you’re trusting their, you know, Big Tech. What you’re actually trusting is their employees and the soundness of their security protocol.


How to forget all this with a true encrypted cloud backup


If the cloud storage landscape of 2021 looks like hackers’ heaven, that’s because it is. They tend not to talk about this on the news, because if you really understood how insecure the current cloud paradigm actually is, why would you ever trust them with your data?

In fact, you shouldn’t. But fortunately for you, there is a solution to this problem. They tell you that you either give your data to Big Tech or store your data locally. But there’s a third way. A completely alternative method to protect your information. It’s called Cubbit. And it’s the most cutting-edge cloud storage solution there is.


Cubbit does not hold your encryption keys: it uses client-side encryption. Translated: it never gets access to your keys, ever, as they never leave your device. But this is not enough, right? If someone had access to your device, it’d be game over, and that’s a bummer. Plus, there already are devices like this - they’re called NAS, i.e. network attached storage. NAS, if you don’t know, are home servers that give you remote access to your hard drives. The thing is, they’re as ephemeral as any physical medium might be - one failure away from completely losing it all. [18]

On top of that, they 100% rely on your internet connection. You’re outside, your NAS is at your home and there’s a blackout: good luck accessing your files! Now, if that bothers you, imagine how annoying it is when your NAS is at your mama’s house in some other country and the only two ways to reboot your NAS are a road trip or troubleshooting the problem via phone call with your mom.


Cubbit is different. It's the cloud without a data center. Rather than storing all your files in a remote server farm, it encrypts them with AES-256, splits them into chunks, copies those chunks and distributes them over a network of Cubbit Cells - which are home servers in the hands of the users. 

Cool, yeah - but what does it mean? It means that even if someone had physical access to your Cubbit Cell, they would have no access to your files. Even better: even if someone had both physical access to your Cell and your encryption keys, they still wouldn’t be able to pry into your stuff. In order to do that, they’d need to have physical access to all the Cubbit Cells hosting your chunks. Which basically means: no human error, no social engineering, not even a $5 wrench could ever hack into your private information. In short, it’s a zero-knowledge cloud storage solution.
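A minimal sketch of the client-side step described above, added here as an illustration and not Cubbit's code: the file is encrypted with AES-256 on the device and only ciphertext chunks are handed to storage. The GCM mode, the names `SealChunks` and `OpenChunks`, and the 16-byte chunk size are assumptions; copying and distributing the chunks is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM builds AES-256-GCM (mode is an assumption) from a 32-byte client key.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // 16/24-byte keys would silently select AES-128/192
		return nil, fmt.Errorf("need a 32-byte key, got %d bytes", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail: length checked above
	return cipher.NewGCM(block)
}

// SealChunks encrypts locally and cuts nonce||ciphertext||tag into pieces.
func SealChunks(key, plain []byte, size int) ([][]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || size < 1 {
		return nil, fmt.Errorf("bad key (%v) or chunk size %d", err, size)
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob, chunks := gcm.Seal(nonce, nonce, plain, nil), [][]byte(nil)
	for ; len(blob) > size; blob = blob[size:] {
		chunks = append(chunks, blob[:size])
	}
	return append(chunks, blob), nil
}

// OpenChunks rejoins and decrypts; a wrong key or altered byte is an error.
func OpenChunks(key []byte, chunks [][]byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if blob := bytes.Join(chunks, nil); err == nil && len(blob) >= 12 {
		return gcm.Open(nil, blob[:12], blob[12:], nil) // 12-byte nonce first
	}
	return nil, fmt.Errorf("bad key (%v) or truncated data", err)
}

func main() {
	key := make([]byte, 32) // generated on the client, never uploaded
	rand.Read(key)
	fmt.Println(SealChunks(key, []byte("constructed sample file"), 16))
}
```

A storage node holding these chunks sees only ciphertext, and the authentication tag means a chunk modified in storage is rejected at decryption instead of yielding corrupted plaintext.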


Now that is security done right.


And that’s not all. Because of this cryptographic architecture, Cubbit makes your data indestructible. Data centers burn [19], hard drives fail [20], USB drives get lost [21], but this doesn’t happen to your Cubbit files. It cannot happen.

Even if your Cubbit Cell were completely wiped out, you’d still be able to access your files. In fact, your Cubbit files are always accessible, anytime, from anywhere - no matter what. Why? Because your Cubbit files are not inside your Cell. They’re encrypted, copied and safely distributed. As private information should always be.


And the beauty is, it's as easy as pie. Cubbit's UI is no different than any other cloud provider you're used to. You can create folders, share public and private links, drag and drop your files - everything works the same way it does on Dropbox and other traditional services, the only difference being that Cubbit is secure. 

So, what is the bottom line? That Cubbit is the only way to protect your personal information. I work at Cubbit, fine - I’m biased. I don’t want you to trust me. Even better: trust no one. The whole point of this post is that you should never trust anyone with your data. And that is also the very reason why you should get a Cubbit Cell right now.


Because it’s not about trust. It’s about math.


You’re not convinced? Order a Cell and try Cubbit for 30 days. If you decide it’s not for you, we will issue a full refund and you’ll be able to return your Cell for free.


Notes

[1] Cisomag

[2] ZDNET

[3] Barrons

[4] Purplesec

[5] Cision, BullGuard

[6] Forbes

[7] World Economic Forum

[8] CNBC

[9] Business Wire, Technavio

[10] Upguard

[11] The Register

[12] Kaspersky

[13] Have I Been Pwned?

[14] Malwarebytes Labs

[15] Wikipedia

[16] Related reading: How to protect your privacy online: 5 actionable tips!

[17] The Crow

[18] To learn about the differences between Cloud and NAS, download this free ebook 

[19] Gamespot

[20] Ask Leo

[21] Reddit
