Major Breaches Underscore Need for Sound Data Encryption Strategy
With the Notifiable Data Breaches scheme to be enacted within months, the data encryption practices of major companies are becoming subject to greater scrutiny. Companies will be required to disclose all relevant data breaches that occur after the 22nd of February 2018, meaning organisations will need to be proactive with their data encryption policies to avoid future public relations consequences.
In the meantime, several companies are being investigated due to impropriety related to data encryption and cloud security breaches.
Uber in the Headlights
Among the companies being looked at are international ride-sharing upstart Uber, who have admitted to attempting to rectify a 2016 data breach by paying hackers $132,000 to delete the compromised data of 57 million Uber users. The Personally Identifiable information of these users included names, email addresses and mobile numbers.
While this major data compromise alone is serious enough to warrant concerns, the decision to recruit hackers compounds the problem for Uber. Australian Information Commissioner Timothy Pilgrim has commenced investigation into the company, branding the situation as ‘… a timely reminder to Australian businesses and agencies of the reputational value of good privacy practice.’
Data Breach Cover-Ups Are Commonplace
The introduction of the NDB scheme was precipitated by the need for greater transparency on data breaches at organisational level.
RSA Chief Cyber Security Advisor Len Kleinman was recently quoted when speaking to CSO Australia on the issue, stating that ‘…those involved would be aghast how much is actually kept quiet or swept under the carpet. It seems like such a tragic loss not to use those breaches … to improve your security posture and cyber resilience.’
Kleinman’s assertion that cyber security practices need to be given greater precedence is becoming a more common sentiment from business leaders. A Ponemon Institute-Thales Global Encryption Trends Study conducted earlier this year found that data encryption is a growing concern. 41 per cent of companies now employ consistent encryption strategies, up from 37 per cent the previous year.
Data Encryption and Cloud Migration
The study also uncovered some worrying statistics regarding movement of data into cloud-based services. Only 46 per cent of respondents stated they were encrypting data before moving it to the cloud, with 37 per cent relying instead on cloud providers to manage encryption.
Business leaders would be prudent to take greater responsibility for data encryption as we enter an era of increased accountability and consequence. Businesses looking to enhance their practices can get in contact with Computer One for network security management services.