Council Post: How Business Leaders Can Proactively Prevent A Data Breach


It’s no secret that the rise in threats from criminal actors has been an ongoing problem for business leaders and their organizations worldwide—and it’s showing no sign of slowing down. In the last two years, we have seen an increase in cybersecurity incidents that have affected organizations of all sizes around the world. In October 2021, Check Point Research (CPR) reported a 40% increase in cyberattacks globally, shining a light on the fact that 1 out of every 61 organizations worldwide was affected by ransomware attacks each week.

Today, breaches occur so regularly that they have become commonplace, which is incredibly concerning. Malicious actors are constantly hard at work looking for ways to gain access to data from individuals and organizations. Every industry is at risk of a breach, and what’s more, accessing and stealing precious data is incredibly easy to do.

Leaders must take appropriate action to constantly improve existing defense mechanisms, as bad actors will continue to hone and improve their efforts and find gaps in security to steal data and use it for malicious purposes. With the rapid advancements in quantum computing, bad actors have an increased ability to access information that could be detrimental not only to individuals and organizations but to national security as well.

And the motivation behind threats has undoubtedly shifted over time. Financial gain continues to be a primary reason, but espionage and acquiring sensitive information are also big motivators for cybercriminals. Business leaders must take proactive steps now to safeguard their data and enhance data protection in the future.

Old Ways Will No Longer Protect You

It’s time to face the facts: The use of older encryption methods has reached its limit. These dated implementations are extremely vulnerable and no longer have the ability to adequately secure and protect. By resting on their laurels and not adapting and implementing appropriate changes, organizations are leaving themselves wide open to being targeted by malicious actors and having their data—and that of their customers and stakeholders—exposed. With the advancements in technology and movement toward a fully remote or hybrid work model, the amount of data has increased exponentially and the number of attack vectors available to cybercriminals has increased significantly as well, making it easier for malicious actors to breach security systems and take valuable information. It is time to embrace new encryption solutions.

Cybercriminals at home and abroad are taking advantage of poor encryption more and more each day. A trend we have seen more recently is the stockpiling of data to be decrypted down the line when developments in quantum computing make it possible. This poses a tremendous threat to organizations across every industry, so business leaders need to act sooner rather than later and ensure that their safety measures are appropriate for these potential risks. You might ask, “Why is it so easy for bad actors to decrypt data?” The answer is simple: aging technology, the use of a single key to encrypt a large quantity of data and storage of the encryption key on the same system as the data being protected.

While many business leaders think about their current security programs and how they can best mitigate this risk and protect their organizations, one solution to consider is an encryption solution that leverages the concepts of OTP (one-time pad). One of the concepts of one-time pad is that the encryption key is as large as the data being protected, and as a result, it delivers a higher level of security than other encryption ciphers that are currently in use.

OTPs may have been around for a while, but they continue to represent an unbeatable cryptographic standard. With OTP, each encryption key is only used once, so even if an attacker could get access to an encryption key, that key can only be used to decrypt a single item of data (e.g., file, message, etc.). In addition to considering encryption solutions based on OTP concepts, business leaders need to take the time to regularly review their current encryption policies and technologies they deploy to ensure there are no glaring holes in security programs that could be easily exploited.

Organizations should also closely examine how sensitive data is being protected at rest and look for ways to enhance that protection. Most data at rest is being protected using a single encryption key for a large amount of data, and the key is cached on the same system as the data. Once attackers gain access to the system, they find the encryption key, utilize it to decrypt a significant amount of data and use it as “ransom.” We advise organizations to enhance this outdated methodology by transitioning to granular encryption of data at rest (each item is encrypted using a unique key) and storing the keys separately from the encrypted data in a key management system. Even if a single encryption key is compromised, only a small amount of data is exposed. This reduces the threat where attackers attempt to extort ransom to prevent the large-scale exposure of an organization’s sensitive data.
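The two ideas above (a key as large as the data and used only once, and one key per item held apart from the ciphertext) are sketched below as an added example that is not part of the original article. The `KeyStore` class, the item IDs and the sample records are hypothetical; in-memory dictionaries stand in for the key management system and the data store.

```python
import secrets

def xor(data: bytes, pad: bytes) -> bytes:
    # A one-time pad must be exactly as long as the data it protects.
    if len(pad) != len(data):
        raise ValueError("pad length must equal data length")
    return bytes(a ^ b for a, b in zip(data, pad))

class KeyStore:
    """In-memory stand-in for a separate key management system (hypothetical)."""
    def __init__(self):
        self._pads = {}

    def new_pad(self, item_id: str, length: int) -> bytes:
        # One pad per item, issued once: refusing re-issue prevents pad reuse.
        if item_id in self._pads:
            raise ValueError(f"pad already issued for {item_id}")
        self._pads[item_id] = secrets.token_bytes(length)
        return self._pads[item_id]

    def get_pad(self, item_id: str) -> bytes:
        return self._pads[item_id]

def encrypt_item(kms, data_store, item_id, plaintext):
    # The data store only ever holds ciphertext; the pad stays in the key store.
    data_store[item_id] = xor(plaintext, kms.new_pad(item_id, len(plaintext)))

def decrypt_item(kms, data_store, item_id):
    return xor(data_store[item_id], kms.get_pad(item_id))

def blast_radius(data_store, leaked_pads):
    """Items readable by someone holding the data store plus only the leaked pads."""
    return {i: xor(data_store[i], p) for i, p in leaked_pads.items() if i in data_store}

def pad_reuse_cancels(p1: bytes, p2: bytes) -> bool:
    # Failure mode: one pad used for two items. XOR of the two ciphertexts
    # equals XOR of the two plaintexts, so the pad has cancelled out.
    pad = secrets.token_bytes(len(p1))
    return xor(xor(p1, pad), xor(p2, pad)) == xor(p1, p2)

def demo():
    kms, data_store = KeyStore(), {}
    records = {"invoice-17": b"ACME owes 1200 USD", "hr-04": b"salary band C"}  # constructed
    for item_id, plaintext in records.items():
        encrypt_item(kms, data_store, item_id, plaintext)
    leaked = {"hr-04": kms.get_pad("hr-04")}  # a single compromised key
    return kms, data_store, blast_radius(data_store, leaked)
```

XOR with a pad provides confidentiality only; it does not detect tampering, so a real store would also authenticate each record.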

As we approach a new era of quantum computing, organizations must prepare for this by implementing quantum-resistant encryption algorithms. In the not-too-distant future, quantum computing will advance enough so that quantum computers of sufficient power will be available to break the encryption that is most commonly in use today. So, organizations should act now to start the process of transitioning to quantum-resistant encryption solutions.
