Why encryption use doesn’t match data protection needs
Too many organizations pay only lip service to the practice of encrypting important information, increasing the likelihood that they will suffer a cyber attack.
According to a new study from Osterman Research, while email encryption is a “critical” or “very important” business priority for 53 percent of organizations, it is only being used “extensively” by 40 percent of organizations.
The study, entitled “Enterprise Encryption and Authentication Usage: A Survey Report,” polled 165 IT decision makers and influencers, who manage on average 14,000 email users per organization, to assess the adoption of encryption in the context of email, file sharing and other communication practices used to share sensitive and confidential records. More than half of the respondents (53 percent) considered email encryption a priority, up almost 10 percent in 2015.
However, the findings also revealed that encryption is not used as often as it should be. Only two in five organizations reported “extensive” use of encryption. When asked why the barriers are preventing more widespread use of the technology, more than half (53 percent) of respondents said “asking too much of the email recipients,” indicating that ease of use for both senders and receivers is still a major issue for businesses.
“Despite the necessity of encryption and the benefits it offers, there is still the common misconception that the technology is suited for only the technically savvy,” said Jacob Ginsberg, senior director at Echoworx, which sponsored the report.
“The challenge in the security industry today is that, despite the ever more complex threat vector, solutions must remain dead simple to use. Human nature is to look for the easiest path to accomplish a task, and that path also must be the most secure,” Ginsberg adds. “Creating more efficient, easy-to-use, cloud-based encryption systems will help drive adoption forward.”
Unfortunately, the “nuts and bolts of cyber security are still not understood, or in most cases, simply ignored,” said Ginsberg. “Data breaches are inevitable, and companies will continue to be hacked. The worry is that many organizations still remain reactive to cyber security, waiting until their reputation is questioned or legislation forces them to act. Encryption reduces vulnerabilities and allows individuals to stay one step ahead if a security lapse occurs.”