Why Organizations Must Shift Encryption Strategies To Protect Customer Information In Light Of Todays Threats – Forbes

Posted on by

Cyberattack

Consumers are more aware than ever about the privacy and protection of their digital identities. According to a recent Prosper Insights and Analytics survey, 64% of adults are somewhat or very concerned about the privacy of their personal identity when shopping online. But beyond retailers tracking their online activity, customers are also concerned about the protection of their data following recent upticks in cyberattacks. So, what steps are retailers and other organizations taking to proactively protect their customers' and employees digital identities?

Prosper - Privacy Online

To gain a better understanding of how and why organizations need to prioritize protecting customers personal information or risk lost business and reputation, I connected with John Grimm, VP of Strategy and Business Development at Entrust, a global leader in trusted identity, payments and data protection. We spoke about organizations shifting their focus to improve security posture and his predictions for data protection in 2021 and beyond.

Gary Drenik: As organizations mobilized for remote work when pandemic lockdowns hit, new risks to sensitive data were created just as quickly. Can you talk us through how organizations have adjusted their data protection strategies to protect their most critical data?

John Grimm: The pandemic put even more pressure on organizations to scrutinize their security strategies to protect against threats. As increased hacking, like phishing attacks, became regular headline news, organizations quickly realized that keeping their companies secure meant more than improving VPN bandwidth for remote workers. Instead, they needed to focus on ensuring authorized workers have simple but secure ways of accessing sensitive information and that its protected from bad actors using a proven mechanism like encryption. So, even if a bad actor were to penetrate their network and steal information, it would be useless to them if the encryption keys were well protected.

According to our 2021 Global Encryption Trends Study, for the first time, 50% of organizations reported having an overall encryption strategy applied consistently across their organization and 37% reported at least a limited encryption strategy. This tells us that while deploying encryption strategies can be complex and time-consuming, enterprises recognize that they will benefit from prioritizing encryption solutions especially when it means increasing trust with customers and decreasing risk to their business.

Drenik: Now that we understand how organizations are increasingly adopting and using encryption, can you share a few examples of how encryption is being used in these organizations today? What are they encrypting?

Grimm: Encryption use cases are plentiful and different organizations choose to use them in different ways. The most mature and common use cases for encryption include internet communications, databases, internal networks, and backups and archives. However, over the last four years, weve seen newer encryption use cases emerge like containers, cloud services, big data repositories, and Internet of Things (IoT) devices and platforms.

When it comes to what these organizations are encrypting, the conversation isnt as straightforward. More than half of organizations believe the main driver for encryption is protection of customers personal information. However, payment-related data, financial records, intellectual property and employee/HR data are all more regularly encrypted than customer information. So, were seeing a clear disconnect between perceived threats and the realities of deploying encryption for customer data. This disconnect is likely due to the increased difficulty of protecting customer data in all the different locations and platforms where its stored and processed. Another surprising finding is that, despite its sensitivity, health-related information is the least likely to be encrypted.

Drenik: Is this enough? What threats and use cases will they need to focus on in 2021 to avoid losing customer trust and brand reputation?

Grimm: Consumer trust is paramount, and it's essential for organizations to identify potential risks before they jeopardize it. According to the study, employee mistakes continue to be the most significant threats to sensitive data, followed by system or process malfunctions, then hackers.

As the world continues to digitally transform, encryption technology and the way enterprises use it is more relevant than ever. While encryption and key management is complex, it is essential for enterprises to thrive amid expanding threats. Careful attention to key protection, and diligent discovery of new locations that sensitive data is finding its way to, are critical to a successful data protection strategy.

Drenik: We saw every industry undergo some form of digital transformation over the last year to maintain relevance and convenience for their customers. Are there any industries that are ahead of the game or falling behind when it comes to data protection?

Grimm: Weve found a steady increase in encryption in all industry sectors, except for communications and service organizations. The most significant increases in extensive encryption usage have occurred in manufacturing, hospitality, and consumer products.

However, the financial services industry was the target of constant attacks in 2020, and respondents rated the threat of malicious insiders higher than any other industry. Despite financial institutions deploying encryption, they need to stay agile to prevent serious breaches from jeopardizing customers' information by implementing a follow the data strategy to all locations where that data exists. By going a step further and implementing hardware security modules (HSMs) to protect encryption keys and encryption operations in certified, purpose-built hardware, financial institutions can keep customer data secure.

Drenik: We know that as organizations evolve their security strategies, attackers are evolving their strategies as well. What are the top challenges for organizations as they continue deploying encryption to protect against breaches?

Grimm: Were seeing organizations struggle to protect data in multiple locations, especially as they increasingly transition to the cloud. When deploying encryption to protect data in multiple cloud environments, its critical to manage the associated encryption keys in accordance with industry best practices. That becomes difficult at scale, particularly given that the average organization today uses eight different products that perform encryption.If organizations fail to implement lifecycle key management, including regular key rotation, they risk creating a vulnerability to sensitive customer information.

The good news is that security teams are starting to meet this challenge with HSMs. Encryption keys can be more effectively managed using HSMs, and our data shows their adoption is growing: two-thirds of respondents named HSMs as paramount to encryption or key management strategies.

Drenik: Lets talk about your predictions for encryption and data protection in 2021 and beyond. How do you anticipate the threat landscape will change? Will organizations employ new tactics to address these changes? Is there anything organizations can do to ensure their information is safe?

Grimm: In 2021, the transition to hybrid work environments will further push organizations to improve security practices and remain vigilant in their efforts to avoid a data breach, as these environments have created new destinations and potential exposures for sensitive data.

In addition to encrypting sensitive data, authentication is a critical safeguard to prevent unauthorized account access. Virtually every data breach can be traced back to compromised user credentials. Hybrid work multiplies this risk underlining the need for multi-factor authentication that provides an added layer of defense by requiring multiple credentials before employees can access an organizations network.

Drenik: Thanks, John, for weighing in on the state of encryption today and what it means for the safety of customers trusted digital identities. I look forward to connecting again to see how organizations continue navigating the complexities of data protection.

View post:
Why Organizations Must Shift Encryption Strategies To Protect Customer Information In Light Of Todays Threats - Forbes

Related Posts
This entry was posted in $1$s. Bookmark the permalink.