According to the findings published on June 2, companies that encrypt sensitive data have a good chance of avoiding the largest costs caused by data breaches, because the theft of encrypted information does not usually trigger data breach notification laws.
In this survey conducted by 451 Research and sponsored by encryption company Thales, almost half of the respondents (46%) said they avoided disclosing violations in the past because the stolen information was stored encrypted. According to Thales 2021 Data Threats, overall, more than half of the companies (56%) said they had suffered a data breach in the past, and 41% of companies had suffered at least one data loss in the past 12 months report.
Todd Moore, vice president of Thales Encryption Solutions, said that the average company only encrypts about 30% to 40% of data, although this is not a fair measure of whether appropriate data is secure.
“In fact, not all data are equal,” he said. “It is up to each organization to decide what is important to them, but I do think this indicator is very telling. I hope to encrypt more data in the cloud.”
Only 17% of respondents estimate that their company encrypts at least half of their data.
The investigation was conducted after a destructive year. The pandemic has prompted companies to adopt remote workforces and promote the adoption of cloud-native business infrastructure. According to Dark Reading, changes in the endpoint security environment, such as devices sharing home networks and the lack of a zero-trust architecture, have caused more than half (57%) of security experts to worry that the risk of data leakage has increased. Endpoint security status survey in 2021.
Respondents to the Thales survey believe that these changes will continue to exist. Nearly two-thirds (64%) of companies stated that they expect telecommuting will become a permanent part of their business, while one-third (32%) of companies expect the footprint of physical office space to decrease in the future.
The survey results show that, overall, 82% of companies are concerned about the security risks posed by remote workers.
“[R]Emoji work is expected to continue to maintain a high level, and…people are increasingly accepting that employees can work effectively in remote environments,” the report points out. “This means that organizations will need security controls and remote access mechanisms that can effectively organize A mixed work environment that has begun to accept. “
The survey shows that the violations suffered by the company in the past year have increased significantly, almost twice the number of violations suffered by the company in 2019, or 21%.
In addition, senior managers and employees have different perceptions of threats. 40% of executives believe that the threat of cyber attacks is increasing, while 60% of executives believe that there is no increase. However, most employees (56%) believe that the number, severity, or scope of attacks have increased, while 44% believe that cyber threats have stabilized or declined.
Malicious insiders continue to worry security professionals, with 35% of respondents viewing them as the biggest threat, and 31% of respondents viewing human error (non-malicious insiders) as the biggest threat. Only one-third of companies believe that external attackers or nation-state actors are the greatest threat.
Despite these trends, the company has only slowly adopted a zero-trust security approach. Three out of ten companies have adopted a zero-trust policy, and 22% are currently evaluating security methods.
“Sometimes, when we use the cloud, we become forgetful. I do think there are risks in the cloud,” Moore said. “The application provider is not responsible for protecting you as an individual. When you use the cloud, you configure it to be used in an appropriate way.”
Finally, almost half of corporate executives (47%) worry that quantum computing may make their encrypted data vulnerable again in the future.
The report said: “This level of awareness should arouse interest in post-quantum cryptography and efforts to improve cryptographic agility.” “These are the quantum computing risk methods that organizations should consider today, because when threatened participants can use practical In quantum decryption, data protected using vulnerable methods is still valuable.”
A senior technical reporter for more than 20 years. Former research engineer. Contributed to more than two dozen publications, including CNET News.com, Dark Reading, MIT Technology Review, Popular Science, and Wired News.Five journalism awards, including the best deadline… View full bio