A Recent survey of Thales’ 2017 Global Encryption Trends Study shows that only 41 percent of enterprises have an encryption strategy which has consistency throughout the company.
Other findings of the reports are as follow-
Forty-six encrypts data on-premise before sending to the cloud
Twenty-one percent encrypts data in the cloud
Thirty-seven percent gave control of keys and encryption processes to cloud service providers
Fifty-five percent believe that compliance is the most important driver for encryption
“The accelerated growth of encryption strategies in business underscores the proliferation of mega breaches and cyber attacks, as well as the need to protect a broadening range of sensitive data types,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.
“Simply put, the stakes are too high for organizations to stand by and wait for an attack to happen to them before introducing a sophisticated data protection strategy,” Ponemon added. “Encryption and key management continue to play critical roles in these strategies.”
A different survey conducted by Venafi of more than 1,540 information security professionals shows that twenty-three percent have no idea the extent of decryption and inspection of encrypted data.
“Encryption offers the perfect cover for cyber criminals,” Venafi chief security strategist Kevin Bocek said in a statement. “It’s alarming that almost one out of four security professionals don’t know if his or her organization is looking for threats hiding in encrypted traffic.”
“It’s clear that most IT and security professionals don’t realize the security technologies they depend on to protect their business are useless against the increasing number of attacks hiding in encrypted traffic,” Bocek added.
This survey also showed that 41 percent companies encrypt at least 70 percent of internal network traffic.
“Although the vast majority of the respondents inspect and decrypt a small percentage of their internal encrypted traffic, they still believe they can quickly remediate a cyber attack hidden in encrypted traffic,” Bocek said. “The problem is that attackers lurking in encrypted traffic make quick responses even more difficult.”
“This is especially true for organizations without mature inbound, cross-network, and outbound inspection programs,” Bocek added.
“This overconfidence makes it very clear that most security professionals don’t have the strategies necessary to protect against malicious encrypted traffic.”
____________________________________________________________________________________________
Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.