Getting past the fear of encryption

Lysa Myers, researcher at ESET, talks about the value of encryption and how she realized that it's not so scary


Last night I watched a couple of frightening episodes of Showtime’s new series, Dark Net. In both episodes, the growing sophistication of encryption was cited as the primary reason why criminals are getting away with everything from ransomware to child pornography.

If one were to rely solely on these dramatized programs as the representation of truth in the cybersecurity world, good prevailing seems nearly impossible.

But there is good, a lot of good out there, and for those who have always been inclined to take things apart and put them back together again, or for those who are fascinated by code, there are paths for you to explore in the world of cyber security that will help everyone defend themselves against the bad guys. Understanding encryption is an important, even essential, skill to have regardless of the position you hold.

Whether you have or wish to pursue a formal education, or you are self-taught and have impressive skills, there is a place for you. The trick is in finding that place so that you can get your skills noticed. That’s what happened for Lysa Myers, a researcher at ESET, who took the initiative to train herself into her security position.

Myers said, “When I started in security, it was all about malware. Encryption seemed super complicated and something that only hardcore people understood. The more I looked into it, though, the more I realized that we all use encryption.”

Shifting the alphabet by just a few letters is one commonly used form of code writing that many researchers read, according to Myers, “like it’s unencoded.”

Creators of ransomware have become more sophisticated with their encryption because they use more complicated algorithms. “There’s a balance between how complicated it is and how slow it is. As computers become more powerful, we are able to handle more complex encryption. 256-bit encryption is the most common, but there are various levels with 40 this or 128 this,” said Myers.

For Myers, realizing how many different times and how many different ways encryption is already used made it seem a lot less complicated.

“If you have a shorter key, it’s more simple. The longer the key, the more complicated. The more bits there are the more complicated it is to unlock,” Myers said. 

Today some encryption is strong enough that unlocking it on our own is infeasible, and Myers said, “It’s better to treat ransomware like a fire, and if you have a backup, ransomware is not a big deal.”

But understanding encryption is useful in just about every area of security. “If you’re the person in charge of implementing security, knowledge of encryption is important. If you’re someone analyzing malware, it’s a useful thing to know. Pen testers need to know it,” Myers said.

Because of the way products and technology have evolved, encryption has gotten more user friendly, but Myers said, “It’s not a simple thing to make good, secure encryption. You have to be extra cautious of security practices so that there isn’t a way of reversing the encryption that you might not be thinking of at the time.”

Once she started seeing the use of encryption around her, Myers realized that it’s not so scary. “Pretty much any OS has encryption for you to use on your files and folders. Email and IM have encrypted versions to prevent snooping,” she said.

And learning about encryption was for Myers as easy as, “Poking around at different things. How do I work encryption on my email? Investigating ways of incorporating it in your network traffic. You just check the help files and say how do I encrypt my files.”

Copyright © 2016 IDG Communications, Inc.
