Don't miss an insight. Subscribe to Techopedia for free.

Subscribe
Advertisement
Part of:

Encryption Just Isn't Enough: Critical Truths About Data Security

By Leah Zitter | Reviewed by Kuntal ChakrabortyCheckmark
Published: January 5, 2022 | Last updated: July 25, 2022 06:38:59
Key Takeaways

Data security is facing more challenges than ever before.

Source: Dreamstime.com/Flynt

The high-techworld uses a centuries-old tradition to protect your information. It encodes, or encrypts, your data. That encryption is why you see "HTTPS" with a green padlock in the URL bar. Notice the “s” at the end. It means "secure hypertext transfer protocol", telling you the data on this website is encrypted to ensure its security.

Advertisement

In other words, you're told you can transmit confidential personal, financial or health data if needed, without fearing hackers will intercept and read your information.

What relatively few people know is that this “security” of the website is relative. There’s still a way for malicious actors to breach the toughest of encryption. And these cyber-thieves know it.

Advertisement

Here’s how they slither their way in.

Encryption

Encryption is simply the IT security method that’s used to flip your plain-text messages into ciphertext, so that interceptor can’t understand them.

Example:

Google gives me an option to encrypt confidential emails into ciphertext. Anyone hacking that Gmail will see only a batch of random letters, digits and symbols. It’ll be unintelligible to them. If you’re the recipient, Google gives you a public and private key to decipher it, so you’ll get my message. The public key is like the business address on the web. Anyone can see it. Google uses that public key to encrypt my message. At the same time as you get my email, you're given a corresponding private key that works with the public key to decrypt my message. (Read also: Encryption vs Decryption: What's the Difference?)

Advertisement

What’s this key?

Simply a bunch of other digits that when “slotted” into the message dredge up the real meaning.

Encryption types

There are two common types of encryption

1. Encryption-in-transit

The encrypted data is sent to the server, where it is decrypted before being passed on to the recipient. As long as the content is in transit, it’s encrypted. The moment the data is at-rest it is decrypted. Any savvy hacker could intercept the data at that point.

2. End-to-end encryption

End-to-end encryption is more secure than encryption-in-transit. The data retains its encryption all the way - even on the server. It’s so thoroughly secure that even the service sending the data can’t read it. Top-security products such as Signal, Telegram, Viber and Facebook Messenger's "Secret Conversations" all carry this end-to-end protection. It simply means that they've encrypted the system from beginning to end, so you can thoroughly trust it. No hacker - they say - can penetrate it, since it’s locked-box secure.

Is Encryption Secure?

Yes. It would take several years for hackers to penetrate sites locked with 256-bit AES encryption.

The problem is, hackers can get in at either end of the transmission. It’s a huge security concern, as seen from the fact that according to the HIPAA Journal, almost ten million healthcare records were compromised in September 2020 alone through 83 breaches.

Here's How Hackers Slip In

  1. You give them entry

The most dangerous threat to corporate security are insiders, usually from your own company. And Forrester finds these threats are becoming more frequent.

Individuals, mostly privileged users and administrators, regular employees or third-party and temporary workers, threaten your sensitive data for a variety of reasons: it can be to blackmail you, snoop on you, sabotage production and so forth. Many times though, it’s human error, such as an employee sending sensitive data to the wrong recipient.

These insiders know your passwords or passcodes, you may have given it to them. Being internal, it’s also easy for them to clone your biometric fingerprints. Insiders don’t need to defeat the encryption. They simply need to compromise the credentials of those administrators that have access to the encrypted data.

Former computer intelligence consultant, Edward Snowden who leaked highly classified information from the National Security Agency (NSA) in 2013 when he was a subcontractor for the Central Intelligence Agency (CIA) is a case in point. (Read also: Trusting Encryption Just Got a Lot Harder.)

  1. Hackers slip through the cracks

Hackers trick you into clicking on malicious hyperlinks, visiting risky sites or downloading potentially harmful files. They also slip in through weak or stolen passwords, brute force attacks where they enlist software tools to guess your password, or when you merely leave your devices around - with accounts open. Your data may be encrypted - but the door’s open for them to slide in.

  1. Hackers find vulnerable access points

Hackers slip in through unprotected spots. Only certain parts of your online system are encrypted. So, for example, you could use a VPN to protect your internet connection, but hackers could still crawl into your online accounts.

In the same way, while Google encrypts your email, it also warns that it can’t guarantee the security of your emails all the time:

“Whenever possible, Gmail protects your info by using Transport Layer Security (TLS) to automatically encrypt emails you send or receive. TLS doesn’t work with messages from some email services.”

In other words, if you send mail from one Gmail account to another, you’re protected, but if you send Gmail to an account out of network, you may be risking the privacy of that mail.

One of the most common ways hackers slither in is through your software, hardware, computer operating system or the network and server you’re connected to that is flawed.

  1. Hackers dodge encryption

Modern hackers are more savvy than those of yore and many are turning to ransomware tactics. It takes too much time and expense for them to figure out which content is worth stealing. Cracking your online encryption takes too long. Today’s hackers take the smarter approach. They seal off access to your data, “generously” allowing you access only after you’ve paid their requested ransom. Examples: WannaCry, DarkSide, or Sodinokibi (REvil).

Bottom line: As much as encryption works, it’s no longer a deterrent. Hackers slip around it.

So What’s to be Done?

The remedy’s simple, cheap and straightforward. It also depends on you. (Read also: 10 Best Practices for Encryption Key Management and Data Security.)

Here’s the rundown:

  • Steer clear from suspicious ads, websites, links and messages. Any promotion that sounds too good to be true, is likely just that - not true.

  • Consider installing an antivirus program if you don’t already have one, as it will scout for malware and remove bugs if needed. Update as required.

  • Update and patch software as soon as options are available. Make sure your device is secure, as should be the network and server you’re connected to. It’s risky to choose cheap services.

  • Secure your accounts with multifactor authentication, biometrics or secure passwords. And you really wouldn’t want to store that password on your web browser nor leave it lying around. A password manager could help.

  • Create strong passwords that can't be guessed - a combination of upper- and lower-case letters, digits and symbols. And change these passwords often.

  • Keep your eye on your devices, secure your accounts, log out of your accounts after use and store your devices in a protected place.

  • If you're a business, educate your employees on best security practices and how to recognize social engineering and phishing attempts.

Conclusion

There are lots of ways malicious accounts can creep into your accounts and read or steal your data. And that’s nothing to do with encryption. Thieves can get in through negligent conduct, insider threat, vulnerable crannies, brute force, social engineering or phishing attacks and archaic software or hardware, among scores of other opportunities.

Yes, end-to-end encryption helps, but it only goes so far. Practice safe habits to protect your data. It will keep you and your business secure.

Advertisement

Share This Article

  • Facebook
  • LinkedIn
  • Twitter
Advertisement

Written by Leah Zitter | Contributor

Profile Picture of Leah Zitter

Leah Zitter PhD writes across emerging innovation for high-level companies that include Google (and sub-division Google Cloud). Her Masters in Philosophy & Logic and PhD in Behavioral Neuroscience/ Psychology Research make her a whiz in the sci-fi topics of AI, ML, Big Data, VR and so forth. Hit her up at https://www.linkedin.com/in/leahzitter

Related Articles

Go back to top