The word "encryption" continues to show up in news headlines as both a protective measure and attack tactic. Due to an increase in ransomware attacks, laypeople usually connect "encryption" with locking data away from those who need it. However, the inverse is true: Encryption is more often used to protect data by making the information unusable to threat actors.x
Ready to learn why encryption matters to the security and privacy of your organization? Keep reading.
The first step to understanding why organizations need to use encryption is to understand what it is and how it works. So, what is encryption?
Data encryption or cryptography is a security control that uses mathematical algorithms to scramble plaintext data and make it unreadable unless the user also has the necessary decryption technology and keys. Three primary types of encryption exist:
Although multiple encryption standards exist, the Advanced Encryption Standard (AES) is the one used by government and commercial organizations to protect sensitive data.
Now, how does encryption work? Understanding the framework behind different types of encryption provides better insight into how an organization can protect data. Let’s take a look:
With symmetric-key encryption, one key - called the secret key - both encrypts and decrypts the electronic data. The key scrambles the data either at rest or in-transit until the recipient uses the algorithm to revert the data back to its plaintext format.
Two types of symmetric key encryption exist:
Asymmetric key encryption uses two keys, a public one and a private one. The public key does the encryption while the private key decrypts the data. Both secure sockets layer (SSL) and Transport Layer Security (TLS) use asymmetric encryption to protect information transferred across an internet connection securely.
While asymmetric key encryption can be more secure because it uses longer keys than symmetric encryption, it also comes with security vulnerabilities. Organizations need to put a full public key infrastructure (PKI) in place, and many organizations struggle to keep track of their certificates and keys.
Hash functions work by mapping input plaintext data and turning it into a fixed-length encrypted output. The data and the associated hash function are mapped to one another in a fixed-size hash table. Since the fixed-length output is often smaller than the input, the output is called a hash digest, hash value, or hash code.
Secure hash functions (SHA) are often combined with other types of cryptography, like symmetric key encryption. While SHA is generally secure, threat actors can engage in hash function attacks if the organization uses SHA-1 to try to create a “collision,” where two input data points end up in the same hash digest.
Using encryption can reduce the impact of a data security incident in several different ways. Let’s take a closer look at three reasons why encryption matters to any given organization.
When using encryption, organizations are able to make data at-rest and in-transit unusable, even if threat actors successfully deploy an attack. As long as the threat actors do not have the decryption key, the data becomes meaningless to them.
Nearly every cyber security and privacy compliance mandate incorporates encryption as a control. Some examples of compliance requirements that include encryption are:
Many organizations store login and password information as structured data in databases, so most password managers use end-to-end encryption to protect passwords. By encrypting login data, organizations mitigate the risk that threat actors will be able to intercept unsecured password data. Otherwise, this could lead to widespread, multi-device attacks across your network.
Encryption enhances an organization’s privacy controls, especially as companies add new digital customer experiences. For example, if an organization creates an end-user application, it should incorporate encryption of data both in transit and at rest. In doing this, organizations mitigate the potential impact of attacks like man-in-the-middle that use public internet access to steal data.
If data is encrypted at rest, a data breach which exfiltrates the data will be meaningless as the threat actors will be unable to publish that data to embarrass you.
Additionally, encrypting business emails can prevent violations of internal controls. If someone sends an email to an external user who should not have access to the data, then the encryption prevents the person from reading the email’s content.
When looking at how threat actors use encryption as part of attacks, the first thought many people have is ransomware. Most recently, the REvil cyber criminal organization used a vulnerability in the on-premises Kaseya VSA product to successfully deploy a ransomware attack across the managed service provider (MSP) supply chain.
Attackers exploited a zero-day, or previously unknown, vulnerability to bypass the software’s authentication process. In doing so, they were able to use the VSA product to infect connected endpoints with ransomware. Attackers remotely accessed several VSA Servers and used an encryptor, scrambling the information contained on the impacted endpoints. Once the data was locked away, they requested a ransom.
News outlets estimate that anywhere from 800 to 1500 small to medium-sized businesses were impacted as a result of this breach.
As organizations work to secure data, protect privacy, and meet compliance mandates, vulnerability assessments, penetration testing, security testing, and managed backups become more important than ever.
Taking a hold of your security strategy doesn’t have to be overwhelming, however. At SoftwareOne, we can help you get a firm grip on your current ransomware readiness with our Ransomware Survival Guide. This guide contains a checklist that helps you understand and implement your first, second, third, fourth, and even fifth lines of defense against an attack.
If you’re looking for greater support, however, we’re here to help. SoftwareOne’s managed security services offer organizations of all sizes incident response and security testing capabilities. Our incident response consultants, for example, will rapidly respond to and help you recover from a cyber attack. With our security testing, organizations can take a proactive approach by reviewing their network and application security to remediate vulnerabilities that can lead to an attack.
With us by your side, you will be able to rest easy knowing your network will stay safe and secure.
For many organizations, ransomware continues to be a security concern. Understanding how encryption works is the first step to protecting against these attacks. Additionally, the same process - encryption - that is used in these attacks can also mitigate the risks associated with them.
As threat actors continue to evolve their methodologies, organizations need a way to protect their data and protect their customers. Leveraging managed security services provides the people and tools organizations need to reduce risk while providing better digital experiences. And when your organization is empowered to strengthen your security, every employee wins.
Here at SoftwareOne, we know that ransomware and other sophisticated attacks are no joke. Find out how we can help you take the first step towards stronger security.
Here at SoftwareOne, we know that ransomware and other sophisticated attacks are no joke. Find out how we can help you take the first step towards stronger security.
