It should come as no surprise that cyber-security remains the number one challenge for CTOs in 2019. The World Economic Forum warns that cyber-attacks represent one of the biggest threats to the global economy and predicts that economic loss due to cybercrime will hit a staggering $3 trillion by 2020.
Although it’s more often the major data breach incidents that make the headlines, such as the 29 million accounts compromised by the Facebook password hack in 2018, data loss (and its implications) threatens organisations of all shapes and sizes.
Privacy breaches are big news because they impact millions of consumers, but privacy is just one of the standards under threat. Hackers steal billions of dollars' worth of intellectual property every year, and the long-term impact on a breached organisation can be devastating.
One case in point is Australian firm Codan, which was forced to slash the price of its products following the theft of IP data by a foreign manufacturing rival during a trip to China. As a result, its profits tumbled from $45 million to $9 in a year!
Cyber-security readiness in decline
Calculating the cost of a data breach can be complicated. Aside from the obvious, there are a variety of hidden costs associated with detection, response and remediation of a breach. The 2018 Cost of a Data Breach report suggests the average total cost of a breach now stands at $3.86 million; that’s an increase of 6.4% on the previous year.
The report identifies four primary cost centres: detection and escalation, notification, post-breach response and opportunity cost. The latter considers long-term loss of business opportunities resulting from a negative impact on competitive advantage or reputation.
According to Hiscox’s 2019 Cyber Readiness Report, cyber-security spending is up 24% on last year. The report surveyed over 5,000 IT professionals from across Europe and the US and reveals that 61% of firms suffered a breach in 2018. Despite this, the number of organisations achieving top “readiness” scores is in decline.
Cyber-security best practice advocates for a multi-tiered approach, including elements of prevention and protection technologies. Prevention technologies (firewall, anti-virus etc.) are essential in combatting broader threats such as malware, DoS attacks and ransomware. However, they do nothing to protect your data assets. For this, you need to secure the data itself using encryption.
If your data is worth anything, it’s worth encrypting
Amongst all the tools available to cyber-security professionals, none provides greater data protection than encryption. In the event of a breach, if the data is encrypted using standards-based algorithms and best-practice key management, the information is rendered useless to unauthorised users. As Dr Ian Levy of the UK’s GCHQ put it: “You don’t trust the network to protect you, you protect yourself.”
However, it’s important to realise that not all encryption solutions offer the same level of security. Network services promising “embedded encryption” within embedded devices such as switches or routers come with their own vulnerabilities.
If you are transmitting data with any degree of sensitivity, it needs to be encrypted. This is as relevant for day-to-day file-sharing workflows, such as email, as it is for network transmitted data. Email is recognised as an insecure way of sharing files. If the files contain sensitive or proprietary information, a secure file-sharing application should be used.
Once again, it’s important to note that not all public file-sharing applications are as secure as they may appear at first. Google Docs, Office365, Box, Dropbox and OneDrive have all suffered high-profile breaches in recent years. Also, if you’re using a file-sharing app, new data protection regulations will have implications for data sovereignty and file location.
Encryption is not hard
Does encryption security come at a cost? Yes, but at significantly less than you think. End-to-end encryption doesn’t have to mean significant capital outlay. It doesn’t have to be difficult to deploy. It doesn’t require loads of management time and it doesn’t have to impact on network overhead, application performance or user experience.
The World Economic Forum predicts that 74% of organisations will fall victim to cyber-attack this year. As the volume, frequency and cost implications of cyber-attacks continue to rise, the question you should be asking yourself is not “can I afford to encrypt?”, but “can I afford not to?”