This Aussie start-up plans to make Medibank-style breaches impossible


The catastrophic data breaches that exposed millions of Australians’ personal information at Medibank and Optus revealed a fundamental flaw in how organisations protect data – one that even the best cybersecurity tools can’t fix.

Now an Australian start-up claims it has solved the problem that made those breaches so devastating, and the world’s leading insurance marketplace is backing the technology.

Tide Foundation has announced a partnership with Lloyd’s-backed underwriter Becco that will provide preferential insurance coverage to companies adopting technology designed to eliminate the “choke points” that turned the Medibank and Optus incidents from simple breaches into national crises.

The catastrophic data breaches that exposed millions of Australians’ personal information at Medibank and Optus revealed a fundamental flaw in how organisations protect data. Credit: Getty Images

The choke points are system administrators, database managers and compromised credentials that provide god-mode access to entire databases. For most companies’ systems, once attackers breach the perimeter – through phishing, insider threats, or vulnerabilities in third-party software – they gain the same sweeping access as legitimate administrators.

“You’ve got these centralised pockets of authority that exist in the digital world, and they pose a massive risk to everyone who’s relying on them,” Tide co-founder Michael Loewy told this masthead.

“Someone, somewhere, must hold the keys to decrypt and access data – and that someone can be compromised, coerced, or become a rogue insider.”

After seven years of research and development validated by Australian universities including RMIT, Deakin and University of Wollongong, Tide’s solution is deceptively simple: lock data with cryptographic keys that no one ever holds – not system administrators, not rogue CTOs, not even Tide itself.

“Even if someone has gained complete control of your system, it doesn’t mean you end up with the mass data breaches we’re seeing daily,” Loewy said.

Tide Foundation co-founder Michael Loewy, Becco co-founder Geoff Stooke, Tide Foundation co-founder Yuval Hertzog, Becco co-founder James Soutter, Tide Foundation co-founder Dominique Valladolid. Credit: Tide Foundation.

The technology operates through what researchers call “ineffable cryptography” – keys exist in pieces across a network, with no single entity able to access them directly. The research was led by co-founder Yuval Hertzog, a former cyber intelligence R&D head who helped invent Voice over IP.

Tide Foundation’s partnership with Becco offers so-called ‘guaranteed cybersecurity’ – a stark departure from traditional cyber insurance that requires exhaustive 40-page questionnaires about compliance regimes and often fails to cover breaches through third-party vendors.

Businesses that adopt TideCloak will be rewarded with preferential insurance rates, a program Hertzog says emphasises the choice of technology itself over the competence of those operating it.

“To use a car insurance analogy, it’s as if a driver can tap into preferential insurance for choosing a car that physically cannot run off the road because the roads are magnetically guided,” Hertzog said. “The insurer isn’t betting on your driving skills; it’s betting on iron-clad physics.”

Becco founder Geoff Stooke said the partnership recognises that cryptographically hardened systems represent “a fundamentally different class of risk” that deserves better terms.

But Loewy warns that Medibank and Optus were merely wake-up calls. “The true damage of these breaches is yet to be fully recognised. There’s so much information on individuals from various breaches, and then AI to thread it all together, that someone has such a rich profile that they’ll be opening bank accounts in your name, selling your house from underneath you.”

It comes as global cybercrime damages are projected to exceed $10 trillion annually by 2026, despite organisations spending over $300 billion yearly on security tools that repeatedly fail.

“Most organisations don’t actually give a shit about security,” Loewy said. “They don’t want to know how something works. They just want to know that it works.”

“Things will just keep getting worse because looking to AI as salvation is the wrong place to be searching. Trying to stop someone getting in is almost futile. You have to make sure that when it happens, it’s not consequential.”

The technology has already been integrated into Red Hat’s open-source Keycloak platform, with IBM now working to incorporate Tide’s additions into the core codebase. Several Fortune 500 companies are implementing it in closed trials.


Disclaimer: This story is auto aggregated by a computer programme and has not been created or edited by DOWNTHENEWS. Publisher: www.smh.com.au