A third of IT security professionals are sending sensitive data outside of their organisation without any form of encryption.
According to a survey of 200 professionals at this year’s Infosecurity Europe, 36 per cent admitted to sending sensitive data outside of their organisations without using any form of encryption to protect it.
Terence Spies, CTO at Voltage Security, said: “This statistic is cause for alarm, particularly given that encryption provides protection for companies against cyber criminals, competing companies and even Governments; it is the key to keeping sensitive data away from prying eyes. Encrypting data at the source means that hackers or malicious actors will not be able to see or use the information, even if they do manage to intercept it.”
Speaking to IT Security Guru, Bob Tarzey, analyst and director at Quocirca, said that he saw this data as slightly positive, as two-thirds are encrypting data, and he would have guessed that number would be lower.
“It is not that people are unaware, it is that insecure habits persist and most of the time, data is not compromised,” he said.
“Also, encryption may be built into certain applications which users are unaware of. So, I doubt it is black and white about ‘we never encrypt/we always encrypt’, but a lot more sensitive data is transmitted safely today compared to five years ago.”
Spies praised breakthroughs in data protection which have made it possible to achieve the highest levels of security, whilst maintaining business continuity. “Our users want to ensure that they are complying with all applicable laws, while not relinquishing their ability to provide the high level of protection of sensitive information that their customers demand of them and privacy mandates require. It is encouraging to see that three-quarters of those we spoke to at Infosecurity are aware of these data residency requirements and laws,” he said.
“Data-centric security techniques permit this fine-grained protection of sensitive information which means the protection stays with the data wherever it goes, even if it is intercepted, because it is encrypted at the source. This puts the company in control of the privacy over its data assets, while ensuring it can stay compliant with privacy regulations and keeps the business running smoothly.”
