The Failings of Blanket Encryption
As the rate and severity of data breaches increase, industry leaders in the IT sector have sought more all-encompassing measures to safeguard sensitive information stored on company systems.
Many have identified the lack of blanket encryption for company files as the primary cause of compromising data exposure following successful hacks by cyber criminals.
While the majority of stolen data consists of non-encrypted files, the question remains whether blanket encryption is an efficient solution for maintaining IT security within an organization.
So what are the issues?
Blanket encryption presents several big drawbacks. Some of the more basic issues are already well known amongst cyber security professionals. First and foremost, blanket encryption relies on encryption keys in order for legitimate users to gain access to relevant files. Keys must be securely stored and access restricted appropriately.
Furthermore, keys themselves often become the target of malicious attacks on a system. Encryption merely shifts the information vulnerability from the sensitive files themselves to the relevant keys stored on an organization’s database.
The threat of targeted attempts to obtain keys has led industry leaders to develop security safe-locks that delete the keys from a system the moment indications of a hack are identified.
Logistical issues emanating from blanket encryption can also interfere with company operations. IT managers must ensure that all relevant users have access to keys when the need arises. Coordinating access and configuring inline devices, especially in an era that demands remote system access, is a major task for even well-equipped IT departments.
Encryption also faces an operations challenge when interfacing encryption protocols with existing applications. End users dealing with encrypted files have to be trained in how to operate primary task applications with encrypted data. Collaboration and sharing are also severely impaired when multiple members of a work team require regular access to an encrypted file.
But most importantly:
On a fundamental level, maintaining blanket encryption creates an environment advantageous to hackers. Research demonstrates that nearly all data breaches, over 90 percent, begin with phishing or other tactics by hackers to target users with malicious code which victims then inadvertently download onto company systems.
Hackers often resort to encrypting files containing viruses in order to avoid detection. The share of malware delivered to victims in encrypted form increased from just two percent in 2015 to over 20 percent of all instances as of May 2017. According to a recent estimate, half of all malware will use some type of encryption to conceal delivery by 2019.
The bottom line:
Malicious programs can “blend into the crowd” within a system using blanket encryption, as system managers have to go to significant lengths to identify the content of any given file. Increased efforts within the cyber security community to identify encoded viruses using markers readable by a computer even in their encrypted state demonstrate the pressing problem encryption poses to IT security maintenance.
A more focused alternative to blanket encryption uses the method of content-aware discovery to classify and assess data before it is encrypted. By limiting the amount of encrypted data on a system, content-aware discovery can use encryption as a factor in identifying malicious files.
The method assesses traffic through a system and attempts to inspect the contained packages. If the encryption of a file prevents this, it serves as an indication that the file is foreign to the system. DLP protocols then kick in to isolate or discard the file before it is able to potentially release a payload and/or exfiltrate data.
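The triage described above, as an added example that is not part of the original article or of any DLP product: content that cannot be inspected is quarantined unless it matches a register of files the organization encrypted itself. The entropy threshold, the magic-byte list, the register and all function names are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

# Headers of formats the inspector can open (constructed, partial list). These
# formats are often compressed, so entropy alone would misjudge them; a real
# inspector would parse the file rather than trust its first bytes.
KNOWN_MAGIC = (b"%PDF-", b"PK\x03\x04", b"\x89PNG")
ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest used to look up sanctioned encrypted files."""
    return hashlib.sha256(data).hexdigest()

def is_inspectable(data: bytes) -> bool:
    """True when the content can be opened and classified."""
    return data.startswith(KNOWN_MAGIC) or shannon_entropy(data) < ENTROPY_THRESHOLD

def triage(data: bytes, sanctioned: set) -> str:
    """Return 'classify', 'allow' or 'quarantine' for one file or payload."""
    if is_inspectable(data):
        return "classify"    # readable: hand to content classification
    if fingerprint(data) in sanctioned:
        return "allow"       # encrypted deliberately by the organization
    return "quarantine"      # opaque and unknown: isolate per DLP policy

# Constructed samples: readable text, and a SHA-256 counter stream standing in
# for ciphertext (deterministic and high-entropy).
SAMPLE_PLAIN = b"Quarterly invoice, account 0042, amount due 1,250.00\n" * 40
SAMPLE_OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    register = {fingerprint(SAMPLE_OPAQUE)}
    print(triage(SAMPLE_PLAIN, set()))       # classify
    print(triage(SAMPLE_OPAQUE, set()))      # quarantine
    print(triage(SAMPLE_OPAQUE, register))   # allow
```

The smaller the register of sanctioned encrypted files, the more an opaque payload stands out, which is the article's argument for targeted rather than blanket encryption.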
By implementing a targeted, as opposed to blanket, approach to file encryption, system managers are able to maintain more clarity, and therefore more accuracy, in identifying and/or preventing hacking or data exfiltration attempts.