One harrowing statistic from our recent Ponemon study, “Risky Business: How Company Insiders Put High Value Information at Risk,” is that 56 percent of the respondents said they do not educate their employees on the protection of files containing confidential information. Reporter Karen Epper Hoffman referenced this statistic in her SC Magazine eBook contribution, “Locking it down,” and included insight on encryption from Fasoo customer Jay Rudd, IT manager, General Plastics and Composites LP. With organizations not taking the proper precautions through education, they are not doing themselves any favors in preventing the leakage of high-value information.
As Jay Rudd noted, “The persistent, file-based encryption approach is becoming more popular in the wake of recent attacks where the malicious attacker was able to bypass traditional security measures and access confidential information.”
Where traditional security systems are failing, encryption and other additional security measures can fill the gap to further protect sensitive data from ending up in the wrong hands and resulting in a potentially catastrophic outcome. We live in a time where breaches happen so often they almost seem to be inevitable, making the “all hands on deck” approach crucial to minimizing risk.
Encryption in particular protects data whether it is accessed internally or externally. If a malicious attacker were to gain access to the data—whether customer data, trade secrets, financial information, or personal information—it would be rendered useless because of the added layer of security encryption offers.
Adding permission controls to encryption ensures that you not only protect the data at rest and in motion, but you can limit user actions as they use data. If you can prevent a user from editing, printing or take a screen shot of sensitive information, you have closed the gap of traditional security by really controlling its access.
As we’ve seen in the past year, no industry escapes from targeted attackers. From healthcare to Hollywood, every organization must consider this next level of protection against those who wish to do harm.