Why encryption is failing us
Encryption is viewed by many as “bullet proof” technology. Along with antivirus software, organisations swear by it, and consumers feel overly confident knowing that their recent transactions and personal data are encrypted. Despite the confidence around this “go-to” technology, time has shown that encryption is just not enough. In fact, it’s failing us.
About the author
Tom Kellermann is the Head Cybersecurity Strategist at VMware Carbon Black.
History Repeats Itself
A look at recent high-profile data breaches will show us that encryption software either did absolutely nothing to prevent hackers from infiltrating systems, or worse, helped disguise cyber criminals while wreaking havoc in organisations’ systems.
Equifax announced a data breach that exposed the personal information of 147 million people. During the incident, an attacker was able to crack into Equifax’s system in mid-May and hide within encrypted traffic until the end of July — more than two months without anyone noticing.
More recently in November 2018, Marriott disclosed a data breach that affected 327 million customers, which in my opinion, was based on a false sense of security in encryption. Hackers had been hiding in Marriott’s system since July 2014, gaining access to a whopping 25.6 million passport numbers in the breach, of which 5.25 million
Be the first to write a comment.
