How Companies Are Fighting Off Spies and Hackers

Key-Drivers-for-Using-Encryption-Technology-Solutions-Thales-Report-2015.png

Reasons For Using Encrytion: Global Encryption and Key Management Trends – an independent research by the Ponemon Institute, April 2015.

It's two years since Edward Snowden leaked details of massive covert surveillance operations conducted by the US National Security Agency and Britain's Government Communications Headquarters (GCHQ).

And as cyber-attacks and data breaches become more commonplace - the Ashley Madison data theft being the most recent high-profile case - what are firms doing to bolster their defences against hackers?

Perhaps not surprisingly, a Ponemon Institute study in April found that there has been a 34% growth in businesses using encryption methods to protect their communications.

Headlines about cyber-attacks undoubtedly drive a greater demand for privacy, says Matt Richards, vice president of products at OwnCloud, a data security company. "It gets people nervous and a lot of folks interested in talking to us," he says. Lawyers who trade on client confidentiality have obviously been in the front of the queue. Manhattan-based attorney Chris Gulotta says his firm has deployed SecureMail to encrypt all staff emails. "I think people are getting used to interacting with secure channels now," he says.

When entertainment and technology giant Sony had its emails hacked and published in 2014, embarrassing private conversations were revealed to the world.

It was this PR disaster, says William Bauer, managing director of Royce Leather, a small New Jersey retailer that, "left us wondering as a small business how vulnerable we were to succumbing to the same fate." Mr Bauer's firm now trains all its employees to use encrypted email.

For a long time encrypted email was a drawn-out process with users having to swap encryption keys in order to share secure messages.

"It just didn't really offer a usable solution from our perspective," says Gavin Kearney, co-founder of secure email company called Jumble. "We remove users having to create and manage any of the associated encryption keys."

Jumble's encryption process is automated - non-Jumble users are able to decrypt their received messages through the website. And as the decryption takes place within the browser, no one else can see the contents.

"You don't need to be a mechanic to drive a car," says Mr Kearney. "Likewise, to achieve proper email security you shouldn't need to know about the ins and outs and complexities, algorithms, or managing and controlling keys."

ProtonMail, a Swiss-based encrypted email provider, has also simplified the process. "We've switched from server-side encryption to client-side encryption," says co-founder Andy Yen. "All the encryption happens on the users' devices before the data ascends to our servers. "We don't have a technical means to read any of our users' communications," he adds. This makes the service popular with lawyers and doctors, as well as other clients who have to handle sensitive data. "Also, a lot of the business community in Russia is very active on ProtonMail," says Mr Yen.

The growth in cloud-based services, and mobile workers using their own devices, has made data security even more of a pressing issue for business.
Accessing work emails at the airport, or in a cafe over a free wi-fi service could expose potentially sensitive corporate data to hacking.

Traditionally favoured by individuals looking to hide their internet protocol (IP) addresses and keep their browsing habits secret and encrypted, VPNs are now garnering increasing interest from businesses, too, says Dan Gurghian, co-founder of Amplusnet, the parent company of Invisible Browsing VPN.

And UK-based HideMyAss says it now has dedicated teams for selling bulk accounts to businesses. "It does good revenue," says chief operating officer Danvers Baillieu. "I can't name them, as a privacy business, but we've got big household name Internet brands using our service."

VPNs are also proving popular with companies in countries where censorship is an issue, says Andre Elmoznino Laufer, head of growth for SaferVPN.

Since Snowden, VPNs have had something of an image makeover, believes Robert Knapp, boss at CyberGhost, a VPN provider. "People are always asking why do you anonymise people, nobody has anything to hide, you just run services for the bad guys. No we don't, we run the service for the good guys," says Mr Knapp. "Since Snowden....we don't have to educate the market any longer."

But doesn't all this encryption inevitably slow down your communications in an age where speed in business is essential? This was initially the case for Royce Leather, says Mr Bauer - there was a slight dip in productivity as staff got to know the ropes, but "the encryption benefits were well worth the short-run sacrifices," he concludes.

The computing power behind email encryption these days means any slowdown in traffic flow to encrypt and decrypt is negligible, argues Ashish Patel, a director at Intel Security.
 
"If I was to send you an email that was unencrypted and send you an email that was encrypted, by the time you received and opened it, you wouldn't notice a difference," he says.

But when it comes to VPNs, Mr Laufer admits: "It will inevitably be a bit slower than without a VPN, no matter what any VPN provider claims. "But it's a small price to pay to secure sensitive corporate data."

Of course, we may never know if all this extra focus on security has succeeded in keeping the spies at bay. It may take another Snowden - with all the threats to national security that presents - to answer that billion dollar question.
BBC:  http://bbc.in/1EGTlwE

« IoT Will Change Your Relationship With Insurance
Are We Really Safe From Self-Aware Robots? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CyberDefenses

CyberDefenses

CyberDefenses services combine best-in-class cybersecurity oversight, managed services and training to help our clients truly address their cybersecurity challenges.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

Polyverse

Polyverse

Polyverse offers application security, zero-day defense, proactive cyber resiliency and more. Protect your critical applications with moving target defense.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

Cyber Police of Ukraine

Cyber Police of Ukraine

Cyber Police of Ukraine is a law enforcement agency within the the Ministry of Internal Affairs of Ukraine dedicated to combating cyber crime.

Nakivo

Nakivo

Nakivo provides fast, reliable, and affordable VM backup, replication, and disaster recovery solutions for VMware, Nutanix AHV, AWS EC2.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Onclave Networks

Onclave Networks

Onclave Networks is a global cybersecurity leader, transforming the future of securing all IT/OT devices and systems.

Secure Forensics

Secure Forensics

Secure Forensics can assist in any situation that requires digital forensics or an investigation ranging from complex criminal matters to fraud and file tampering to cyber crime.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Curatrix Technologies

Curatrix Technologies

Curatrix Technologies is a Managed IT Service provider based in Hampshire, UK, providing high quality and reliable Managed IT Services since 2015.