You have encryption - How are cybercriminals still stealing data?

We can’t seem to go a week without hearing about another massive data breach where an organization that you entrusted with the security of your data - names, email addresses, passwords, Social Security numbers, banking data, home addresses, medical records, and much more - has fallen victim to a cyber attack. With so much attention and budget spent toward cybersecurity you may ask yourself: how are cybercriminals still stealing data?

A very shallow dive into the world of cybersecurity will quickly result in highlighting the importance and effectiveness of encryption. There are a couple terms and concepts that are important to discuss to truly understand why encryption is important, and why you want to make sure you have enough of the right kind of encryption to actually protect your data. Some concepts, like End-to-end encryption (E2EE) ensure that your data is secure from third-parties viewing it en route. Others, like symmetric encryption and asymmetric encryption (sometimes known as public key encryption), have their own pros and cons depending on the desired use case.

End-to-end encryption (E2EE)

E2EE has gained popularity over the years as organizations and individuals have become increasingly privacy conscious. The premise behind E2EE is that data should stay private from all parties, not just criminals. Non-E2EE communications are encrypted from the sending party, then decrypted at a centralized point, and re-encrypted when sent to the receiving party. This is secure from malicious users listening in on the data stream, but allows the owner of the communication service to view the data as it moves around. E2EE ensures that the data never gets decrypted until it arrives at the receiving party so only the two parties involved share the information.

Symmetric Encryption

Symmetric encryption refers to encryption schemes that use the same key for encryption as decryption. The benefit of this method is that it is much quicker than asymmetric encryption and that there is less tracking involved since you use the same key for both processes. The major downside is that having the same key for both processes is inherently much less secure and is more difficult for data sharing since the other party will have the information to decrypt your data.

Asymmetric Encryption

Asymmetric encryption uses two keys, a public key that can only encrypt data and a private key that can decrypt data. While the processing is slower than symmetric encryption, it is highly beneficial when you need data encrypted and you don’t want to allow everyone to have the ability to decrypt your data. Additionally, since you’re not passing your private key around there is much less of a risk that the key used for decryption gets intercepted by a malicious third party.

What is also important in the discussion of data encryption are the states of data. There are three states of data: data at rest, data in transit, and data in use. Understanding how encryption is used in each of these states is directly related to our original question of how cybercriminals are still stealing data.

Data at Rest

Data in this state is stored for future use or transmission. This can be in the form of files on a desktop, records in a database, files in the cloud, or any other ways data can be stored.

Data in Transit

As the name suggests, data in this state is on the move. When you send data from one point to another, it's in transit. Often, when you hear about E2EE it is in regards to data in transit, keeping your messages private from third parties.

Data in Use

Again, this is fairly straightforward as data in use is the state of the data when you’re actively using it for something. This can be in the form of opening a file, an algorithm processing data from a database, or any other way data is used.

Often when you hear about data being encrypted, it's referring to data that is in transit and that the transfer is encrypted. This is very important so that your data isn’t stolen by a third-party listening in on the connection. However, once the data arrives at its destination the encryption ends and the data is left exposed again. This discrepancy between states of data and types of encryption is how cybercriminals are still able to offload data during breaches. It’s important to know what state of data your encryption secures.

A complete cybersecurity strategy will include a level of encryption on all forms of data, at all of the states of data. If a cybercriminal is able to remotely access a desktop and there isn’t file-level encryption, then all of those files at rest are exposed and vulnerable. This is similar to the recent case at Morgan Stanley, as well as prior cases involving numerous organizations, where sensitive files were being securely transmitted through the Accellion File Transfer Appliance (FTA), but were not encrypted at rest so when cybercriminals hacked the Accellion FTA application, the files had no additional protection.

Whether you have a robust defense-in-depth, or you are looking for foundational security, we believe file-level encryption has a pivotal place in your cybersecurity strategy. Ultimately, if you have files that contain sensitive information that data is exposed unless it's protected at rest with encryption. Phalanx aims to simplify the process of file encryption so that your users spend less time worrying about security, and more time doing their important work. Protect your data with encryption at all stages.

37 views0 comments