If cybercriminals can’t see data because it’s encrypted, they have nothing to steal

Here’s the irony of ransomware data breach stories that gets surprisingly little attention: cybercriminals enthusiastically encrypt and steal sensitive data to extort money, and yet their victims rarely bother to defend themselves using the same, obviously highly effective, concept.

It should be a no-brainer. If sensitive data such as intellectual property (IP) is competently encrypted, that not only means that attackers can’t access or threaten to leak it, but in many cases they won’t even be able to see it in the first place – all encrypted data looks alike.

Ransomware is like a tap on the shoulder, telling everyone they have a problem. It’s not that criminals are able to reach the data – perhaps that’s inevitable – but that when they get there, the data is defenseless, exposed. You could even argue that ransomware wouldn’t exist if encryption and data classification had been widely adopted in the Internet’s early days.

Historically, the calculation has always been less clear-cut. Using encryption (or tokenization) across an organization’s data is seen as adding complexity and expense, and as imposing a rigor that few beyond elite regulated industries and government departments are willing to take on. It’s an issue that’s not lost on Thales UK’s cybersecurity specialist Romana Hamplova, and Chris Martin, IAM pre-sales solutions architect.
