Last updated: 23 October 2018
It has been a year after the massive breach on credit reporting giant Equifax, which exposed 143 million U.S. consumers to identity theft and other losses. Today, even more businesses are exposed to rapidly changing technologies that are hungry to produce, share, and distribute data. This blog explores the dangers of leaving high-value, sensitive information unprotected. It also provides a three-step approach against inevitable data breaches with encryption at its core.
After Equifax, Do Emerging Technologies Bring New Dilemmas?
Few things are more disappointing than high-impact disasters that could have been averted. When the credit reporting giant Equifax announced that it was breached on May 2017, 143 million U.S. consumers’ personally identifiable information (PII) were stolen. Further investigation revealed that Equifax not only failed to apply critical vulnerability patches and perform regular security reviews but it also stored sensitive information in plaintext without encryption.
The Equifax breach, the worst data breach in history, was preventable. The attack roots from a critical vulnerability in Apache Struts that has a patch released since March 2017, two months before the breach. There are multiple ways to defend against an inevitable breach that use zero-day vulnerabilities, and one of the strongest is to encrypt high-value, sensitive data at rest.
Every day, approximately 7 million records are lost or stolen because of data breaches. Majority of data on these breaches were unsecured or unencrypted. A global study on the state of payment data security revealed that only 43% of companies use encryption or tokenization at the point of sales.
Today’s IT security experts face new challenges. Small businesses and organizations of the same size as Equifax have started to implement high technology trends in the fields of democratized artificial intelligence (AI), digitalized ecosystems, do-it-yourself biohacking, transparently immersive experiences and ubiquitous infrastructure. As emerging technologies spread into more industries beyond banks and government agencies, the risk of another Equifax disaster grows closer. IT security teams need to ensure that sensitive data are protected wherever it resides.
Breaking Myths about Encryption
Encryption can cover threat scenarios across a broad variety of data types. Out of all recorded breaches since 2013, only 4% were secure breaches, or those where encryption was used. Yet businesses tend to bypass it for perimeter defenses and other newer technologies because of common misconceptions.
Many decision makers regard encryption as a costly solution that only applies to businesses with hardware compliance requirements. Encryption services, however, have grown to offer scalable data solutions. Encryption empowers businesses with the choice to encrypt data on one or more of the following levels: application, file, databases, and virtual machines. Encrypting data from the source, managing keys, and limiting access controls assures that data is protected on both the cloud provider’s and data owner’s ends.
Encrypting data is a flexible investment that ensures high levels of security and compliance for the most number of businesses. A reliable encryption service can free businesses from worrying about data tampering, unauthorized access, unsecure data transfers, and compliance issues.
In an age of inevitable data breaches, encryption is a necessary security measure that can render data inaccessible to attackers or useless to illegal vendors.
The Value of ‘Unsharing’ Your Sensitive Data
Today’s businesses require data to be shared in more places, where they rest at constant risk of theft or malicious access. Relying on perimeter protection alone is a reactive solution that leaves data unprotected from unknown and advanced threats, such as targeted attacks, new malware, or zero-day vulnerabilities.
More organizations are migrating data to the cloud, enabling big data analysis, and granting access to potential intellectual property or personally identifiable information. It is vital for organizations to start ‘unsharing’ sensitive data. But what does it mean to unshare?
Unsharing data means ensuring that high-value, sensitive information, such as intellectual property, personally identifiable information, and company financials, remain on lockdown wherever it resides. It means that only approved users and processes should be able to use the data.
This is where encryption comes in. To fully unshare data, organizations need to encrypt everything. Here are three steps on how to unshare and protect sensitive data through encryption:
1. Locate sensitive data – Organizations need to identify where data resides in cloud and on-premise environments.
2. Encrypt sensitive data – Security teams need to decide on the granular levels of data encryption to apply.
3. Manage encryption keys – Security teams also need to manage and store keys for auditing and control.
Despite common myths surrounding data encryption, remember that its application ensures companies with the most returns by providing both data protection and authorized access. To know more about the value of unsharing your data and applying an encryption-centered security approach, you can read our ebook titled Unshare and Secure Sensitive Data – Encrypt Everything.