Encryption is high up on corporate priority lists
The number of UK organizations implementing data encryption as a core part of their cybersecurity strategy has continued to rise, with 32% introducing a policy to encrypt all corporate information as standard in the last year. In total, 47% now require the encryption of all data, whether it’s at rest or in transit, according to Apricorn.
32% of organizations encrypt all data when it’s stored on their systems or in the cloud. Only 2% do not currently see encryption as a priority.
The stakes are getting higher for those organizations that don’t give the approach sufficient attention: 16% of the IT leaders surveyed admitted that a lack of encryption had been the main cause of a data breach within their company, up from 12% in 2021.
When asked about the main reason their organization has increased the implementation of encryption over the past year, nearly 24% of respondents said this was due to the rise in remote working, with 16% citing the rise in ransomware attacks.
“It’s encouraging to see encryption high up on corporate priority lists; messages about the crucial role it has to play in protecting sensitive information are clearly getting through. When data is encrypted, it’s fully protected – if an unauthorised individual gains entry to an IT system or picks up a device that’s been left in an Uber, for instance, the information will remain unreadable,” said Jon Fielding, managing director EMEA, Apricorn.
73% of organizations now have a policy that requires the encryption of all data held on removable media, such as external hard drives and USBs. Twenty-seven percent actively enforce the encryption of data on mobile devices and removable media. 42% only allow the use of removable storage devices if the data is hardware encrypted – up from 33% last year.
“Built-in hardware encryption with onboard authentication affords stronger protection than software-based encryption, which can leave devices exposed to counter resets, software hacking, screen capture and keylogging. When held in a hardware crypto module, encryption keys are protected from brute force attacks and unauthorised access,” Fielding explained.
The proportion of organizations dealing with the risk to data held on removable media by physically blocking their use has dropped from 13% in 2021 to just 8% this year.
“This indicates an increasing maturity of approach to cybersecurity in the hybrid working environment,” Fielding continues. “By choosing to avoid a ‘blanket ban’ on removable devices and seeking instead to secure the endpoint and the data, they can fully reap the productivity and flexibility benefits gained from storing or moving data around safely, offline.”
Data encryption provides organizations with a way to mitigate the biggest challenges faced by organizations when implementing a cybersecurity plan for remote or mobile working. According to the IT leaders surveyed by Apricorn, the three biggest problems are the complexity of managing all of the technology that employees need and use (cited by 42%), followed by the likelihood that employees will unintentionally expose the organization to a data breach (38%), and uncertainty around whether data is adequately secured (32%).
“Organization-wide encryption is a straightforward way of staying ahead of evolving cyber threats, complying with legislation and mitigating human error,” says Fielding. “To be completely effective, it needs to become ‘business as usual’ – embedded into ways of working, mandated in policy, and enforced at an operational level.”