A recent poll capturing a snapshot of the opinions and behaviour of over 100 IT security professionals reveals a stark contrast between attitudes and action when it comes to limiting the impact of cybercrime. As cyber-related criminality continues to make headlines around the world, the poll, conducted by iStorage, a trusted global leader of hardware encrypted portable data storage & cloud encryption devices, looked at three key areas: remote working, use of the cloud and ransomware.
Nearly 9 in 10 work remotely but too few encrypt the data
86% of polled IT security professionals said they took their device away from the office to work remotely. However, best practice in data backup and security is in short supply: approximately one third (29%) reported that they do not back up data to a data storage device, and of the 71% who said they do back up data to a data storage device, 48% said that data was not encrypted.
- The UK’s National Cyber Security Centre advocates a 3-2-1 back-up strategy to protect against cyber attack – over half (56%) of IT security professionals don’t follow it.
CEO of iStorage, John Michael, explains: “To minimise risk and maximise protection it’s essential to consider encrypting files both in transit and at rest, so that if a device does fall into the wrong hands, the data it contains cannot be accessed. We hear stories of business executives losing data storage devices containing personal and confidential data every day, and in most cases, that data is not encrypted. We need our IT community to be setting a model example by encrypting data.”
Another recent study by Verizon found that, with the increase in hours, locations and devices that employees are using, there has been a corresponding increase in vulnerability for companies, with security teams facing an uphill battle as the number of remote workers increases. By encrypting data, businesses can enhance the security of their files as well as any communications that take place between client apps and servers.
More than 9 in 10 now view ransomware as a major concern
91% of IT security professionals who were polled agreed that the threat of ransomware was a cause for concern in their organisation. The latest threat landscape report by ENISA, the European Union Agency for Cybersecurity, also warns of a surge in cyber criminality, and details how ransomware has become the prime cybersecurity threat facing organisations today, much of it driven by the monetisation of attacks.
Cyber criminals trigger a ransomware attack by secretly compromising networks, often via phishing attacks, infiltrating cloud services or exploiting vulnerabilities. The iStorage poll revealed that nearly half (47%) of IT security professionals assumed cloud providers are responsible for data in the cloud. In addition, 34% do not encrypt data before sharing with colleagues – such as over a cloud file-transfer service – when working remotely.
However, cloud providers include a ‘Limitations of Liability’ clause which places data-security responsibility with the cloud user. Since the cloud user is liable, organisations must establish their own security measures to ensure data protection and privacy. One vital step is encryption.
To ensure the data is kept confidential even if the cloud account is hacked via, for example, a phishing email, the user should retain full control of the encryption key. Removing the encryption key from the cloud and physically storing it within a PIN-authenticated external USB module will allow users to access data stored in the cloud in the most secure way possible, while also being able to securely encrypt information held on a local computer or a network drive, or sent via email or a file-sharing service.
John Michael concludes, “Ransomware is the most significant cybersecurity threat facing organisations today as increasingly professional and sophisticated cyber criminals skilfully follow the money in order to maximise the profit from illicit campaigns. We cannot afford to be complacent. Encryption isn’t just for the likes of the secret services, it should be used now as part of business modus operandi and is a relatively simple measure to reduce the impact of cyber crime which continues to cost global economies billions.”