Features: September 16th, 2016

As cyber crime increases there is a greater recognition of the value of encryption. In this article John Grimm describes the need for the public sector to step up its response to cyber attacks.

Encryption use is truly on the rise, and I’m not just talking about its use in ransomware. Thales e-Security and the Ponemon Institute’s most recent Global Encryption Applications Trends study revealed that last year saw the biggest year-on-year increase in the use of encryption in 11 years, with over two fifths of global organisations now implementing encryption to better protect their data.

This is hardly surprising – but last year’s record rise is particularly notable. Almost every day we are faced with news stories reporting a breach of customer data as yet another high-profile organisation falls victim to a cyber-breach. Most people agree we’re at the point now where it’s no longer a case of ‘if’ your company’s data will be compromised, but ‘when’.

It is encouraging, then, to see that more organisations are approaching their data protection strategy more comprehensively, and taking the necessary steps to better safeguard their most valuable employee and customer data. As expected, the heavily regulated industries that deal extensively with both financial and personal data topped the list of extensive encryption users.

So how does the public sector fare across the globe?

In the public sector, however, there is still some way to go in terms of the adoption of a dedicated encryption strategy. Looking at the figures from the report, just a third (33%) of public sector organisations extensively use encryption technologies, compared to over half (56%) of those in financial services, ranking it at 10th in the list of 14 industry sectors analysed. Furthermore, public sector organisations were found to have the lowest rate for cloud encryption for data at rest, with just 26% of them protecting data at rest in the cloud using encryption, compared to 71% of those in the financial services sector.

This is worrying for a number of reasons. Cyber criminals continue to become more sophisticated and targeted in who and how they attack. We have never been more connected than we are now, and our data is being sent to more places than ever before – think cloud, think mobile, think…everything! Connected devices, the cloud and the Internet of Things (IoT) are the new realities of today for public sector organisations.

For example, take a look at the digital transformation of the NHS. By 2020, the NHS has been tasked to meet the government’s paperless initiative, digitising all patient records. Just imagine the vast amount of data this will produce. In this paperless NHS, doctors will be able to access patient information on connected devices anywhere, at any time. This will undoubtedly open many windows of opportunity for someone with malicious intent looking to compromise this valuable information, as well as introduce opportunities for human errors to result in inadvertent information disclosure.

Encryption, by its nature, is data-centric because it effectively ‘follows the data’ wherever it goes, and decreases dependence on infrastructure-centric protections. With this in mind, perhaps it’s time that encryption was put further up the security agenda in public sector organisations?

However, it does appear that the public sector is ready for a shift. Our research revealed that respondents from the public sector rate simultaneous support for both cloud and on-premise deployment as the most important feature of an encryption solution – more important than all of the eleven other features they were asked about. As public sector organisations increase their usage and dependence on the cloud for increasingly sensitive data and applications, this clear call for support for cloud indicates that public sector organisations are not willing to accept a new and separate set of encryption tools to support their newer cloud data protection needs.

Whilst the government has made good progress in bolstering its efforts to fight cybercrime over the last few years, these new figures indicate there is still clearly more to be done to achieve the robust cybersecurity levels required. With cyberattacks costing the UK economy billions of pounds every year, the public sector has a big job to do to ensure it properly confronts this onslaught. By implementing security-by-design techniques, such as an encryption strategy based on best practices and strong key management, the public sector will be better positioned to safeguard valuable, and possibly sensitive, citizen data from reaching the wrong hands.

John Grimm is senior director at Thales e-Security.