Earlier this week, a report commissioned by Apple highlighted, yet again, why end-to-end encryption must be used when protecting sensitive data against theft and misuse, and why analysts have long recommended it.
For the report, a professor at the Massachusetts Institute of Technology conducted an independent review of publicly reported breaches on behalf of the tech giant. The study found that ransomware campaigns and attacks on trusted technology vendors over the past two years have been responsible for a dramatic increase in data breaches and in the number of records compromised in them.
The number of records exposed for the first time in 2021 and 2022 reached a staggering 2.6 billion, with 1.5 billion of those exposed last year alone. Considering the trends so far this year, it is highly likely that this number will be even higher in 2023.
The first nine months of 2023 alone have already seen 20% more data breaches than all of 2022 combined, and the 2017 number is only 20% lower than the 17% increase in 2022. By the end of August 2023, an estimated 360 million sensitive records belonging to around 360 companies and institutions had been exposed as a result of corporate and institutional breaches.
According to IBM's Cost of a Data Breach Study and a Forrester study, both quoted in the Apple report, 95% of organizations that experienced a recent breach had experienced at least one other breach in the past.
Within the last 12 months, 75% of the respondents had experienced at least one incident involving data compromise.
In addition, 98% of companies currently have a relationship with a technology vendor that has suffered at least one recent data breach.
Breaches involving vendors and vendor technologies, such as those at Fortra, 3CX, Progress Software, and Microsoft, have impacted a wide range of organizations and individuals.
When considering encryption plans, organizations should also be aware of the rapid growth and adoption of cloud computing.
Data analyzed in Apple's study showed that over 80% of breaches involved cloud-stored data. It may be more challenging to encrypt data in the cloud than to encrypt it in a physical location.
Ken Dunham, director of Cyber Threats at Qualys, says that good security practices usually give organizations a good level of visibility over their legacy networks.
Nevertheless, when they migrate to the cloud, they often lose the ability to control, see, manage, and operate encryption in the way they did in the past. He adds that maintaining a hybrid network that combines legacy and modern technologies is a new layer of complexity for organizations when they embark on digital transformation initiatives.
Considering the cloud as a primary provider of data encryption can be a mistake for organizations, says Ben-Ari: "While cloud providers offer valuable security measures, it is the organizations' responsibility to ensure that they encrypt their data."
In addition, he recommended that organizations prioritize technologies that are user-friendly and easy to implement, so that disruption to existing operations is minimized when they are implemented in phases.
Finally, he recommends that organizations make use of the shared responsibility model that many cloud providers and leading SaaS vendors offer, which lets them bring a wide range of advanced encryption features to their users with a single click, right from their browsers.