“So, what are we doing about encryption?”
That’s a question you can expect to be tossed around in plenty of boardrooms, in the coming months. Whether it’s on the next earnings call or after delivering the next keynote, it’s one many CEOs will now be expecting to encounter. So why has it become such a hot topic, and what will their willingness - and readiness - to address the topic say about the state of enterprise data security?
Data breaches are not a new phenomenon - but it’s a threat continually on the rise. Estimates suggest over 10 billion data records have been lost or stolen globally, since 2013 – with almost 300 records lost or stolen every single second. This is no trivial problem, either: the average cost of a breach now clocks in at almost $4million, before even considering long-term reputational damage.
Most alarmingly for enterprises, that risk will continue to rise– because the variety and severity of security risks will evolve. And as our collective understanding of the value of our personal data grows, the pressure on businesses to take data security seriously will grow with it.
Enter Arne Sorenson, CEO of travel giant Marriott. Commenting on his company’s “massive hack” that recently affected over 380million customers, Sorenson turned the conversation toward the matter of encryption: “We have got to get it encrypted, and we have to make sure that people have the confidence that the data that we keep is going to be kept only because we need to use it”. A spokesperson later added that this will focus on ensuring universal encryption of passport numbers.
The story serves, of course, some important reminders to consumers. When traveling abroad, it’s important to remember that hackers aren’t also on holiday. Just as they would take extra precautions to pack all necessities or avoid physical pick-pocketers, it’s equally important to take care of digital security. Assuming all networks are hostile is one way to avoid exposure – that includes hotels, airports and cafes. While it may be tempting to log on to free wi-fi and avoid roaming data charges, an innocent looking network name can really be a hostile one in disguise. In the event a traveler does need to get online, using a virtual private network (VPN) service is a smart way to shield online behavior from potential hackers or snoops.
But the onus isn’t just on travelers. As seen in the recent Marriott breach, customers' sensitive credit card information was encrypted, but their stored password numbers were not – posing a risk for potential identify theft. Marriott's response may well set a new normal, in the travel industry: all sensitive traveler data should be encrypted. Not only do these businesses need to provide a comfortable and enjoyable experience for travelers, but they also need to do their part to safeguard the sensitive information with which they’ve been entrusted.
In fact, when it comes to putting data at risk, our Thales 2019 Global Data Threat Report recently revealed that as digital transformations are taking place, sensitive data is highly at risk. An alarming 97 % of the respondents indicated that they are going through some kind of digital transformation, yet only 30% have adopted an encryption strategy.
This should serve as a wake-up call. Data breaches can be a decisive moment for a business and its leadership – but so can the steps it takes to put a cyber resilience plan in place, before it’s too late. This is no longer a ‘nice to have’ - it’s business as usual. Data is the new oil, and if you haven’t got a rock solid answer to ‘the encryption question’, then yours is vulnerable.