According to Techopedia, one technical definition of encryption is “the process of using an algorithm to transform information to make it unreadable for unauthorised users.” According to the Ponemon Institute’s 2016 Global Encryption Trends Study, there’s been a big jump in the number of organisations using encryption across the enterprise. Some 41 per cent of respondents say that encryption is adopted extensively in their organisations, an increase from 16 per cent in 2005. However, encryption has its own shortcomings, writes Jason Howells, EMEA Director, MSP Solutions at Barracuda Networks.
On its own, encryption is not enough to guarantee complete protection. It should be seen as part and parcel of a company’s overall cyber security initiative to safeguard against hackers and cyber criminals. In the cat and mouse game of cyber security protection, hackers are becoming increasingly skilled at identifying and exploiting weaknesses in an organisation’s networks. From back doors to weak keys and insecure web scripts, hackers will find a way in if there is one.
One way to think about encryption is as the lock on your front door. Behind this door are your treasured possessions – your furniture, TV, jewellery, the much-loved family pet. As well as your house key, you might also have a Chubb lock for added security. The stronger the lock, the harder it should be for a thief to break in.
For a business, its most treasured possession is its data. The stronger the lock (the encryption), the tougher it is for a hacker to break through. And using an encryption standard like AES (Advanced Encryption Standard), which features a maximum key size of 256 bits, makes it almost impossible to crack. However, what happens when you open that door? The lock is now inactive – or ineffective. Your data is at rest. It is at this point that cyber criminals will strike.
End-to-end encryption will definitely help mitigate the exploitation of data at rest. However, the downside is that because the data is shielded and unreadable throughout its entire journey, additional security mechanisms like full-packet capture tools are rendered ineffective – largely because they rely on payload visibility. This is important because encryption acts in effect like a cloak, concealing potential indicators of compromise that are used to identify and track malicious activity. Take, for example, peer-to-peer file sharing applications such as BitTorrent. Over the years, these have added layers of encryption that make it easier to bypass corporate firewalls. These applications not only have the potential to open companies up to liability concerns associated with pirating movies and other digital content, they are also infamous for transporting malware – and software and games are especially dangerous, since these contain executable files.
To encryption – and beyond
Let’s be clear. Encryption is important, and its importance in data protection cannot be denied. But relying on it entirely is likely to leave you open to vulnerabilities that hackers and cyber criminals know how to exploit. Best practice is to make encryption one of an array of security measures, so that your data remains secure and your security puzzle is complete.