Is Encryption Falling Out Of Favour?

Uploaded on 2024-06-11 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Even the most security-conscious organisations can succumb to a data breach. Consider the Ministry of Defence (MoD)  - one of the most secure organisations in the world, you would hope. Despite its stringent measures, figures reveal that the MoD has lost 1,007 laptops, 462 mobile phones, 265 USB data sticks, and 183 hard disk drives containing sensitive and confidential data since 2019. The sensitivity of this data cannot be understated.

From critical national defence plans to the personal information of high profile undercover national security professionals, the loss of such devices could have catastrophic consequences.

Fortunately for the MoD, a key component of their security strategy has helped mitigate these potential damages – encryption. In today's world, where personal and sensitive information is constantly at risk, encryption has become a key tool in maintaining the security and privacy of data by encoding it to ensure it remains inaccessible to unauthorised users.

Even if there is a data breach, and a system or device is physically stolen, illegally accessed or lost, encryption is able to ensure that data remains protected. 

Encryption Lacking On Peripherals

Yet despite encryption being a vital component in the overall cybersecurity puzzle, there has been a concerning drop in the number of companies employing it as part of their standard security practices. According to research from Apricorn, little more than one in ten organisations encrypt data on all laptops - down from 68% in 2022. Looking at desktop computers (down from 68% to 17%), mobile phones (55% to 13%), USB sticks (54% to 17%) and portable hard drives (57% to 4%), we see a similar story.

An alarming number of organisations appear to have taken a backwards step in the protection of information during sharing, handling, and storage, heightening the risk of data exposure.

Notably, 17% of security leaders responding to the survey cited a lack of encryption as the primary cause of at least one data breach - up 5% versus 2021 - and lost or misplaced devices containing sensitive information resulted in breaches at 18% of firms surveyed.

Greater Visibility Of Data

With encryption being pushed aside, many businesses are now struggling to protect critical data - a trend that urgently needs to be reversed. Fortunately, many enterprises are actively working to implement the necessary changes, leading to a notable increase in the number of security leaders planning to encrypt data as standard which has risen from 12% to 23% on average across all devices.

Interestingly, the rise is particularly prevalent for removable devices. For example, over 42% of organisations now plan to introduce or expand encryption on USB sticks, up from 20% in 2022, and 48% plan to do the same for portable drives, up from 16% in 2022. This intent is promising, but what is needed to turn it into action?

Currently, a major stumbling block for enterprises revolves around the widespread shift to remote working. Among those who have embraced a decentralised workforce, 22% revealed they have no control over where company data is stored, while 14% admitted they lack a clear understanding of which data sets need to be encrypted. 

Bridging this visibility gap and enhancing control over data is absolutely vital if encryption is to be implemented on a company-wide basis. Any lack of oversight in relation to both data and devices significantly heightens the risk of data breaches.

Proactive Prioritisation

The imperative to standardise encryption across the enterprise shouldn't be seen merely as a burden but as an opportunity for advancement. Benefits associated with bridging the encryption gap include the secure sharing of files (20%), safeguarding against lost or stolen devices (18%), and avoiding regulatory penalties (14%).
It's evident that companies recognise the value of taking these strides.

However, with only 12% of organisations presently encrypting data on all laptops and 13% on all mobile phones, more proactive measures are urgently required.

Given the potential repercussions of sensitive data loss or leakage, mere intention is insufficient. Today, companies must proactively prioritise the automatic encryption of all company data as standard across the organisation.

Jon Fielding is Managing Director, EMEA, at Apricorn

Image: Unsplash

You Might Also Read: 

Have We Become Complacent About The ‘Insider Threat’?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

 

 

« OpenTofu's New State File Encryption Is A Boon For IaC Security
Kinsing Malware Attacks Analysed »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Securosis

Securosis

Securosis is an information security research and advisory firm dedicated to improving the practice of information security.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

Lutech

Lutech

Lutech is an Italian ICT engineering and services company. Business solution areas include cyber security.

Jscrambler

Jscrambler

Jscrambler addresses all your JavaScript and Web application protection needs.

WizNucleus

WizNucleus

WizNucleus develops, markets and supports a software platform (Cyberwiz-Pro) that enables Critical Infrastructure enterprises to ensure the future state of their cybersecurity and remain compliant.

Learn How To Become

Learn How To Become

At LearnHowToBecome.org, our mission is to help any job-seeker understand what it takes to build and develop a career. We cover many specialist areas including cybersecurity.

Maven Technologies

Maven Technologies

Maven Technologies specialize in secure data destruction, electronics recycling, asset management, and highly detailed reporting.

Contechnet Deutschland

Contechnet Deutschland

Contechnet Deutschland started as a specialist in the area of IT disaster recovery and has since broadened its portfolio into information security and data protection.

Amidas Hong Kong

Amidas Hong Kong

Amidas is your trusted companion on the road to Digital Transformation. We provide a full range of Information Technology Solutions and Professional Services to Enterprise customers.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

Willyama Services

Willyama Services

Willyama Services is a certified Information Technology and Cybersecurity professional services business providing services to government and private sector clients.

Security Risk Advisors (SRA)

Security Risk Advisors (SRA)

Security Risk Advisors deliver cybersecurity services to leading companies in the Financial Services, Healthcare, Pharmaceuticals, Technology and Retail industries.

Vantor

Vantor

Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.