News & Views

Data encryption uptake rises

The number of UK organizations implementing data encryption as a core part of their cybersecurity strategy is on the rise almost half (47%) of organizations saying they now require the encryption of all data whether it’s at rest or in transit, according to the latest survey by Apricorn (www.apricorn.com).

Over 15% of IT leaders surveyed admit that a lack of encryption had been the main cause of a data breach within their company, up from 12% in 2021, with nearly a quarter (24%) saying they believe that the increase in ransomware attacks can be attributed to the rise in remote working.

“It’s encouraging to see encryption high up on corporate priority lists; messages about the crucial role it must play in protecting sensitive information are clearly getting through,” says Jon Fielding, Managing Director EMEA, Apricorn.  “When data is encrypted, it’s fully protected – if an unauthorized individual gains entry to an IT system or picks up a device that’s been left in an Uber, for instance, the information will remain unreadable.”

The proportion of organizations dealing with the risk to data held on removable media by physically blocking their use has dropped from 13% in 2021 to just 8% this year, with the survey revealing that 42% of companies now only allow the use of removable storage devices if the data is hardware encrypted – up from 33% last year.

“Built-in hardware encryption with onboard authentication affords stronger protection than software-based encryption, which can leave devices exposed to counter resets, software hacking, screen capture and keylogging,” explains Fielding.  “When held in a hardware crypto module, encryption keys are protected from brute force attacks and unauthorized access.”
 
“Businesses are now showing increasing maturity in their approach to cybersecurity in hybrid working environments,” continues Fielding.  “By choosing to avoid a ‘blanket ban’ on removable devices and seeking instead to secure the endpoint and the data, they can fully reap the productivity and flexibility benefits gained from storing or moving data around safely, offline.”

Data encryption provides organisations with a way to mitigate the biggest challenges faced by organizations when implementing a cybersecurity plan for remote or mobile working. According to the IT leaders surveyed by Apricorn, the three biggest problems are the complexity of managing all of the technology that employees need and use (cited by 42%), followed by the likelihood that employees will unintentionally expose the organisation to a data breach (38%), and uncertainty around whether data is adequately secured (32%).
 
“Organization-wide encryption is a straightforward way of staying ahead of evolving cyber threats, complying with legislation and mitigating human error,” says Fielding.  “To be completely effective, it needs to become ‘business as usual’ – embedded into ways of working, mandated in policy, and enforced at an operational level.”