97% of all data breaches happen on unencrypted data (Gemalto Report).
This number can tell us a lot. Only 3% of data breaches happen on encrypted data. Companies don’t encrypt the data or often fail at implementing it correctly. Why? There are many reasons why that happens and most important are lack of awareness and a fear of losing cryptographic keys.
We don’t invest in crypto libraries. I hear it sometimes. Well, you already do invest in them just probably you are not aware of it. Cryptography is a crucial element of the infrastructure but it falls into deep corners of IT expenditure. Sysadmins manage the keys or they are managed on a company behalf by a third party you never heard of. That’s a big problem with many APIs that spinning through your network. The elevated privileges and delegated access are two most common problems which open the doors for hackers wide open and they come from lack of awareness.
Someone has to have the keys. What happens if we lose the encryption keys? In the physical world, we tend to lock the door to our houses and keep the keys secure. In the digital world, some companies leave don’t encrypt the data because they might lose access to the data. That’s true to a certain extent. Modern cryptography also gives us tools for that to not happen. Over last year there has been exciting progress in the cryptography that enables efficiency and security. However, tools and solutions are still not implemented. There is a long way for that 97% of data breach attempts to happen on encrypted data.