Organisations putting stronger focus on data encryption – report

02 Apr 2019

The use of trusted cryptography to protect data is at an all-time high, according to the 2019 Global Encryption Trends Study from the Ponemon Institute.

With corporate data breaches making the headlines on an almost daily basis, the deployment of an overall encryption strategy by organisations around the world has steadily increased.

This year, 45% of respondents say their organisation has an overall encryption plan applied consistently across the entire enterprise with a further 42% having a limited encryption plan or strategy that is applied to certain applications and data types.

Threats, drivers and priorities

Employee mistakes continue to be the most significant threat to sensitive data (54%), more than external hackers (30%) and malicious insiders (21%) combined.

In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping (12%) and lawful data requests (11%).

The main drivers for encryption are the protection of an enterprise’s intellectual property and of customers’ personal information, each cited by 54% of respondents.

With more data to encrypt and close to 2/3 of respondents deploying 6 or more separate products to encrypt it, policy enforcement (73%) was selected as the most important feature for encryption solutions.

In previous years, performance consistently ranked as the most important feature.

Cloud data protection requirements continue to drive encryption use, with encryption across both public and private cloud use cases growing over 2018 levels, and organisations prioritising solutions that operate across both enterprise and cloud environments (68%).

Data discovery the number one challenge

With the explosion and proliferation of data that comes from digital initiatives, cloud use, mobility and IoT devices, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy with 69% of respondents citing this as their number one challenge.

Trust, integrity, control

The use of hardware security modules (HSMs) grew at a record year-over-year level from 41% in 2018 to 47%, indicating a requirement for a hardened, tamper-resistant environment with higher levels of trust, integrity and control for both data and applications.

HSM usage is no longer limited to traditional use cases such as public key infrastructure (PKI), databases, application and network encryption (TLS/SSL); the demand for trusted encryption for new digital initiatives has driven significant HSM growth over 2018 for code signing (up 13%), big data encryption (up 12%), IoT root of trust (up 10%) and document signing (up 8%). 

Additionally, 53% of respondents report using on-premises HSMs to secure access to public cloud applications.

Ponemon Institute chairman and founder Dr. Larry Ponemon says, “The use of encryption is at an all-time high, driven by the need to address compliance requirements such as the EU General Data Protection Regulation (GDPR), California Data Breach Notification Law and Australia Privacy Amendment Act 2017, and the need to protect sensitive information from both internal and external threats as well as accidental disclosure.

“Encryption usage is a clear indicator of a strong security posture with organisations that deploy encryption being more aware of threats to sensitive and confidential information and making a greater investment in IT security.”

nCipher Security senior director of strategy and business development John Grimm says, “Organisations are under relentless pressure to protect their business critical information and applications and meet regulatory compliance, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment.”

Other key trends include:

  • The highest prevalence of an enterprise encryption strategy is reported in Germany (67%) followed by the United States (65%), Australia (51%), and the United Kingdom (50%).
     
  • Payment-related data (55% of respondents) and financial records (54% of respondents) are most likely to be encrypted. Financial records had the largest increase on this list over last year, up 4%.
     
  • The least likely data type to be encrypted is health-related information (24% of respondents), which is a surprising result given the sensitivity of health information and the recent high-profile healthcare data breaches.
     
  • 61% of respondents classify key management as having a high level of associated “pain” (a rating of 7+ on a scale of 10).  This figure is almost identical to the 63% of organisations that use six or more separate encryption products, suggesting there is a clear correlation between the two findings.
     
  • Support for both cloud and on-premises deployment of encryption has risen in importance as organisations have increasingly embraced cloud computing and look for consistency across computing styles.
