In its 2016 Breach Level Index report, Gemalto revealed that 1,792 breach incidents took place worldwide, affecting more than 1.3 billion records. This equates to over three million records being lost or stolen every day last year and brings the total number of records compromised since 2013 to over seven billion.
While the total number of recorded breaches only rose by 6% compared to 2015, the number of records lost or stolen as a result of these breaches saw a far greater increase – up a staggering 86% year on year. Malicious outsiders are responsible for the majority of breaches (58%), primarily for the purposes of identity theft or accessing financial details.
The figure that caught our eye more than any other was the fact that just 4.2% of breaches over the past four years have involved encrypted data. Given the high profile encryption has enjoyed in recent years, and the undeniable impact of a breach, it is amazing that data controllers and processors have not embraced encryption more enthusiastically.
Why don’t businesses encrypt data?
With Gemalto’s findings in mind, we can’t help but ask ourselves why, in the face of such risks, we see little or no data encryption from so many businesses.
Some organisations may simply think that the possibility of being hacked is too remote, but the current state of the market – as signalled by the report – offers an insight into just how likely a breach is, and how damaging inaction may be.
Others may take the more traditional view that the cost of securing the network is too high and the penalties associated with a successful breach too low – leading to a lack of incentive to put systems and processes in place that ensure data security. There was also the network overhead to consider.
Now, however, this is no longer true. The price of high-assurance encryption has come down significantly in recent years, making it more accessible and affordable to all. In terms of network overheads, encryption at Layer 2 no longer impacts network performance or bandwidth availability.
The introduction of GDPR, which we’ve discussed in the past, will also change the way of thinking for many when it comes to breach penalties. Under this new standard for data protection, organisations that do not secure their data properly, and fall victim to a breach, could face penalties of up to €20 million or 4% of annual revenue (whichever is greater).
As well as financial penalties, it will also be mandatory for businesses to notify the affected parties that a breach has taken place and their data has potentially been stolen. This adds a new dimension to the management of breaches; organisations will be faced with a potential loss of consumer confidence and brand loyalty, meaning the true cost of a breach could be much greater than a headline fine.
Under the new regulations, if an organisation has taken sufficient security measures (i.e. encrypted its data) it is possible to escape the mandatory breach notification. However, the GDPR does not go into too much detail when it comes to recommended encryption modes or standards.
Why and where should you use encryption?
With the revelations of Gemalto’s report and the impending arrival of GDPR, you should be looking at encrypting your data now. Doing so will ensure vital and sensitive information is protected from hackers, as even if your business does face a successful breach, the leaked data will be useless.
Encryption ensures your data is protected both at rest and in motion, making it completely secure and impossible to intercept and decrypt when flowing over both public and private networks.
The value of quantum cryptography
With the age of quantum computing drawing ever closer, traditional encryption methods are increasingly at risk. While brute force attacks can take months to break through security, quantum attacks can use more advanced techniques to break standard encryption in a much shorter timeframe.
Using quantum cryptography now will provide immediate protection to your data in the face of today’s brute force attacks, ensure that data with a long shelf life is protected against future attacks and safeguard high-value data in a post-quantum computing world.
For more on quantum cryptography solutions from IDQ, visit https://www.idquantique.com/quantum-safe-crypto/