What's new with encryption?

Though already widely used, encryption awareness will rise and grow stronger

When thinking about topics to cover for those who are new to security, opportunities abound. New threats emerge every day, along with new technologies to help combat those threats. Everyone is itching to know what they need to do to defend the crown jewels, which in itself is a new concept in cybersecurity.

Even though there is nothing 'new' about encryption--it remains a vital tool in terms of securing communication, there will be new developments as the threat landscape continues to evolve.

In the exchange of information, whether via email, websites, or smart phones, encryption is used all the time, well, almost all the time. 

What will change with encryption is a rise in the awareness of its use. Everyone, from the lay person to the security practitioner, will likely come to understand the critical need for encryption in 2017 and the years to come.

Jacob Ginsberg, senior director at Echoworx, said, "The use of encryption is going to go up. People are becoming more aware of the steps they have to take, and use is going to rise not just because of awareness and threat landscape but because of tech's focus on usability."

Targeted ransomware attacks have a vast majority of businesses on alert as they realize that being a victim of cybercrime is a much stronger reality. "I think last year, the past two post-Snowden years were more about encryption awareness. Now awareness and conversation will turn into action. The huge attacks are no longer isolated events but part of the tapestry now," Ginsberg said. 

Likening surfing the web to crossing the street at a traffic light, Ginsberg said that there will be action across the board. "Now there is either liability or responsibility to use encryption, but you can't count on tech providers to do it for you. Even if you have a walk signal, you still look both ways before crossing the street."

Encryption covers a lot from shopping behavior to identity recognition. "Everyone needs to remember that everything you email in the clear is basically a post card. Most anyone can read it if they wanted to. Companies are still conducting business sending emails in the clear, and people are revealing private information," said Ginsberg.

It ought to be unacceptable that someone can book a flight somewhere and then receive an email in the clear telling the whole world where that person is going and when. Ginsberg said, "As a stance, for a company, that should be unacceptable. Companies, individuals, journalists, charities, they have to take advantage of these tools and protect themselves." 

However, protection is not solely about purchasing tools. "As with anything, it's about implementation and education and not just purchasing or having a tool set," Ginsberg said.

In that way, the use of encryption will grow as more companies become good stewards and let users know--in a not so direct way--that an email is not sent securely. "Enterprises have to make use of these tools," said Ginsberg. "It's such a complicated tapestry that really transcends home life and work/life boundaries. Where do things begin and end?"

An example of that not so direct way of letting users know that an email is sent in the clear is a little red, open lock. Unlike the green lock that many look for with https, which confirms that the site is secure, the open red lock let's you know that the exchange of information is not encrypted.

Ironically, the first time I had seen the open red lock was just before my call with Ginsberg. It was an exchange I was having with the legal department of the Massachusetts Department of Elementary and Secondary Education. Rather alarming.

"Gone are the days of the old 'it's not my problem' mentality. When it comes to internet security, everyone needs to take more responsibility for someone else's cyber education," Ginsberg said. 

SUBSCRIBE! Get the best of CSO delivered to your email inbox.