5 things you need to know about encryption

Senior Support Analyst

Fav thing about the office

Cheesecake Wednesdays

As a child I wanted to be a ... when I grew up

Solicitor

Guilty Pleasure(s)

Gu Puds

Favourite Holiday

2 weeks in Florida

If I had a superpower it would be...

Definitely flying

Describe yourself in three words or less

Lots of Energy

An interesting fact about me

I was once the South Ribble Chess Champion.

Likes

Exercise, Muay Thai, Singin' in the rain

Favourite Band

Its not about the artist its about the style

Karaoke Jam

Vengabus- Vengaboys

What I do at Q2Q:

I head up the IT support team.

On a daily basis I work on resolving IT issues for our clients. My skill set tends to adapt according to the current needs of our customers, from solving basic matters like fixing a printer through to more complex server infrastructure deployment. I am also often out on site visiting customers that are in need of an IT saviour.

Within the team, I work on the proposals for new and existing customers, and ensure we all work together to implement the solutions we propose.

I enjoy overseeing new projects so that, when clients evolve, we can ensure their growth, office move and/or induction of a new team member, is as seamless as possible from an IT perspective.

I also drive the rest of the team insane with my singing!

Background and Achievements

I joined the Q2Q team when they were part of the I.T. department for the Tulchan Group 14+ years ago. This was my first full-time role straight of out A-levels. I have enjoyed being part of the company and watching it grow from 3 members of staff to a blossoming 10.

I find it hard to pin point specific achievements as one of my values personally is to always exceed your own expectations. My wife would say being a great Dad to my two boys.

A great achievement for me is getting 76 miles to the gallon on the motorway and being able to finally grow stubble.

Hobbies and Interests

I aim to train in Muay Thai twice a week and religiously go to the gym every day I can.

I can juggle and have always wanted to learn knife throwing.

In our everyday, digitally-enhanced lives, we rely heavily on encryption to protect our sensitive data. But although it’s an effective safeguarding measure for keeping things private, it can also mask a number of threats.

The very practice of encrypting information so that it cannot be read without a specific decoding key means that it presents a huge blind spot when it comes to threat detection.

Over half of all online content is protected to some extent using this method, so what do we really need to know about encryption as we approach 2018?

1.                   Encryption-related security threats are rising

More sites are using HTTPS not just for privacy but also for integrity and authentication, so that customers can be confident they are communicating with their bank, for example, rather than a scam website. But rising volumes of encrypted traffic are offering places for cyber-attackers to hide among genuine communications, where they can use these networks to steal important data.

Through manipulating such channels for their own command and control they can download and install additional, malicious tools to further their attacks. Only by analysing and monitoring all encrypted channels can it be established that all traffic is genuine. Threats must then be hunted out and networks scoured for such subversive behaviour, to make sure databases are kept secure.

2.                   Monitoring encrypted traffic can break the privacy chain

A real dilemma exists for organisations trying to control threats lurking in encrypted traffic, because they should not be examining personal data from its users. And such a compromise in itself could open a company up to an attack, as web criminals know that such devices have access to information that would otherwise have remained scrambled.

Therefore, there is a strong argument for looking at that traffic at either end of the encryption process – the origin or endpoint –¬¬ but not in the middle.

3.                   Automation can be key to identifying encrypted malware quickly

It’s so important to act as fast as possible when a threat is detected, so that damage is minimal. And this is where automated mitigation comes in. With sight on communications before they are encrypted or after they have been decrypted, automating the process in between means the load can be shared between individual processors. This helps ensure the volume of processing is manageable within an organisation, reducing the chances of a threat being missed.

4.                   Focusing on behaviours rather than objects can better protect against threats

Savvy IT professionals are now moving away from simply looking for objects they know to be malicious, to using scalable detection methods that are based on behaviours. This is because for an attacker, changing tactics and methods is much more difficult than just creating a new, unknown object.

So, organisations need to be able to root out unknown attacks through behavioural analysis and put systems in place which have the ability to prevent, detect and respond. Forensic investigation will therefore be the basis for further measures as required.

5.                   Vigilance at all times is a must

It’s sometimes said that the moment you think you're most secure online is the moment you're most vulnerable. And companies connecting supply with demand – whether that’s dating, holiday lets or anything else – must take responsibility for what happens in the middle.

Organisations must therefore be both proactive to reduce that risk and reactive in taking responsibility when things go wrong. Whilst disruptive when they do arise, problems can present a great opportunity to strip systems down, step back, redesign and fix them.

 

To find out more about encryption or to discuss any other cyber-security concerns you might have for your business, just get in touch!

5 things you need to know about encryption