5 things you need to know about encryption

In our everyday, digitally-enhanced lives, we rely heavily on encryption to protect our sensitive data. But although it’s an effective safeguarding measure for keeping things private, it can also mask a number of threats.

The very practice of encrypting information so that it cannot be read without a specific decoding key means that it presents a huge blind spot when it comes to threat detection.

Over half of all online content is protected to some extent using this method, so what do we really need to know about encryption as we approach 2018?

Encryption-related security threats are rising
More sites are using HTTPS not just for privacy but also for integrity and authentication, so that customers can be confident they are communicating with their bank, for example, rather than a scam website. But rising volumes of encrypted traffic are offering places for cyber-attackers to hide among genuine communications, where they can use these networks to steal important data.Through manipulating such channels for their own command and control they can download and install additional, malicious tools to further their attacks. Only by analysing and monitoring all encrypted channels can it be established that all traffic is genuine. Threats must then be hunted out and networks scoured for such subversive behaviour, to make sure databases are kept secure.
Monitoring encrypted traffic can break the privacy chain
A real dilemma exists for organisations trying to control threats lurking in encrypted traffic, because they should not be examining personal data from its users. And such a compromise in itself could open a company up to an attack, as web criminals know that such devices have access to information that would otherwise have remained scrambled.Therefore, there is a strong argument for looking at that traffic at either end of the encryption process – the origin or endpoint –¬¬ but not in the middle.
Automation can be key to identifying encrypted malware quickly
It’s so important to act as fast as possible when a threat is detected, so that damage is minimal. And this is where automated mitigation comes in. With sight on communications before they are encrypted or after they have been decrypted, automating the process in between means the load can be shared between individual processors. This helps ensure the volume of processing is manageable within an organisation, reducing the chances of a threat being missed.
Focusing on behaviours rather than objects can better protect against threats
Savvy IT professionals are now moving away from simply looking for objects they know to be malicious, to using scalable detection methods that are based on behaviours. This is because for an attacker, changing tactics and methods is much more difficult than just creating a new, unknown object.So, organisations need to be able to root out unknown attacks through behavioural analysis and put systems in place which have the ability to prevent, detect and respond. Forensic investigation will therefore be the basis for further measures as required.
Vigilance at all times is a must
It’s sometimes said that the moment you think you’re most secure online is the moment you’re most vulnerable. And companies connecting supply with demand – whether that’s dating, holiday lets or anything else – must take responsibility for what happens in the middle.Organisations must therefore be both proactive to reduce that risk and reactive in taking responsibility when things go wrong. Whilst disruptive when they do arise, problems can present a great opportunity to strip systems down, step back, redesign and fix them.