Too Many Still Don’t Utilize Encryption

Encryption is the last line of defense in data protection.  Even if all the perimeter barricades are broken, as they often are, encrypting the information stored within makes it illegible and useless to intruders.

Why do I mention this?  Because with October behind us, so too has ended National Cybersecurity Awareness Month.  This collaboration between government and industry is designed to spotlight the topic for consumers, and ensure they have the necessary resources for keeping their data safe online (after last month, I’d say a substantial number of people unfortunately got some first hand experience).  Despite this, Gemalto’s latest Breach Level Index shows some disturbing, though not entirely surprising, statistics.

For starters, the first half of 2017 saw more compromised personal data than in all of 2016.  918 data breaches this year resulted in 1.9 billion affected records during that first half; compared to the last six months of 2016, that’s an increase of 164 percent.

In my opinion, however, the most damning figure relates to encryption.  According to the report, less than one percent of the data in question was encrypted.  For 2017, given all that we’ve experienced and all we now know, this number is shocking.

Other revelations include the fact that external threats constitute 74% of all breaches; that for a large portion of the year, identity theft was the leader in terms of incidents resulting from a data breach; and, most of the industries the BLI tracks showed an increase of more than 100% in the number of compromised records.

What ultimately stands out, however, is the colossal dearth of encryption at the company level.  Strong cryptography is an essential, if not the most crucial component of protecting valuable data.  At this point, nothing could be clearer.  Any organization lacking on this front is doing a grave disservice to itself and its customers.