Organisations fail to encrypt sensitive data, shows Infosecurity Europe survey

More than a third of all organisations are failing to encrypt sensitive data sent outside their own systems, reveals a survey at Infosecurity Europe

More than a third of organisations are failing to encrypt sensitive data sent outside their systems, a survey has revealed.

Nearly 36% of more than 200 security professionals, polled at Infosecurity Europe 2014 in London, admitted their organisations are not using encryption for sharing sensitive data.

"This statistic is cause for alarm, particularly given that encryption provides protection for companies against cyber criminals, competing companies and even governments,” said Terence Spies, CTO of Voltage Security, the company that conducted the survey.

“Encryption is the key to keeping sensitive data away from prying eyes because encrypting data at the source means that hackers or malicious actors will not be able to see or use the information, even if they do manage to intercept it.”

The survey showed almost half of respondents are not “de-identifying” data in their organisations.

Read more about encryption

According to Voltage Security, the ability to “de-identify” information – by using standards-based encryption technologies such as Format Preserving Encryption (FPE) – provides effective mechanisms to secure sensitive data.

“This provides an underlying foundation for data privacy, ensuring not just that the data itself is secure, but also that the information can be accessed and used only by authorised users and the specific intended recipients," said Spies.

In addition to protecting data from advanced threats, businesses face the challenge of protecting data from inadvertent risk, while ensuring the business is not constrained, he said.

Continuity concerns

Many organisations shy away from encryption because of fears that it will hamper business operations.

But Spies said breakthroughs in data protection in recent years have made it possible to achieve the highest levels of security while maintaining business continuity.

"Data-centric security techniques permit a fine-grained protection of sensitive information, which means the protection stays with the data wherever it goes, even if it is intercepted, because it is encrypted at the source,” he said.

“This puts the company in control of the privacy over its data assets, while ensuring it can stay compliant with privacy regulations and keeps the business running smoothly.”

Read more on Privacy and data protection