Encryption vs Security: Dawn of Compliance
You might be asking yourself what on earth do two fully grown men in tights have to do with Encryption and Security? Please bear with me a moment and I will explain this geeked out analogy.
It is no secret that organisations are being targeted by cyber crime. It seems that almost every week another organisation is hitting the headlines for all the wrong reasons. Since the start of this year we have seen attacks on organisations as high profile as HSBC. In this instance what we saw was a DDoS attack that caused their website and mobile applications to crash and fail. Much can be made of the impact on HSBC and what this might end up costing them in damage to their brand and reputation. The financial implications could run into the millions. Back in 2014 The Royal Bank of Scotland was fined £56 million when a problem with their systems prevented customers from being able to withdraw funds. That is a pretty staggering fine, and one that should make you ask yourself: could my company survive an attack of this type and the financial losses it could incur?
Network Security has developed over the years to deal with the new multi-vector approach that is being deployed, be it by the hacktivist trying to disrupt an “evil” corporate entity or the organised criminals who are selling their services to some shady Lex Luthor at a competitive business.
Endpoint Security has become a major concern for organisations looking to utilise the benefits of mobility and the always-on, connected culture. This in turn has opened up hundreds of points of risk to a company, and yes, the attackers are aware that a vulnerability exists, sometimes out of your reach.
When I think about the security that IT requires I can see many similarities to Superman. Both of them need to be constantly vigilant and aware of any wrongdoing, quick to react and strong enough to withstand the barrage of attacks with an almost impervious skin. Security is all about having a great defence that protects against the known aggressors in your market place.
Encryption is nothing new. It has been around for a while as a method to stop unwanted eyes being able to discern the information they are reading. It takes a keen mind and a lot of determination to break an encryption code, something that Batman has by the bucketload. The idea of encrypting data is not an attempt to be completely impervious to attacks; it is accepting that at some point in time an attack will get through and data will be stolen. If this data can then be used, because it has not been encrypted in some fashion, a company can be found liable to the types of fines mentioned earlier in this blog. Especially when you look at the changes being proposed by the General Data Protection Regulation, making Encryption part of your data protection policy is definitely the thinking man’s move.
When I think about Encryption I think about how the Caped Crusader will outthink his opponents and prevent any wrongdoing. Who needs to be able to punch through a brick wall or be impervious when a breach would yield no pay-off?
When our clients are looking at their infrastructure projects, security is always part of our consultancy process. By utilising think S3 assessment services and leveraging our relationships with leading security vendors such as Sophos, we have been able to ensure our clients stay out of the headlines, and off the radar of organisations such as the ISO.
To find out more about the changes that are in the upcoming GDPR, why not download “Guide to EU Data Protection Regulation” and discover a few handy tips to prepare yourself for the future.