Data-in-Use Encryption Key to Curtailing Cross-Border Cybercrime
Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Tilo Weigandt of Vaultree argues that data-in-use encryption is the key to thwarting international cyber-criminals.
Daily headlines jolt us into the reality that yet another company and its customers have fallen prey to cyber-criminals selling usernames, passwords, and personally identifiable information (PII) on the dark web. Cyber-criminals have a security stack on the dark web enabling them to conduct their business anonymously, which is far superior to the relative transparency law-abiding organizations must use to run their business.
What can we do? How can we prevail against international cyber-criminals and organizations? Although many systems and methodologies are on the market for preventing, thwarting, and discouraging cyber-attacks, it’s virtually impossible to perfectly protect data from every possible attack vector and theft.
Cross-Border Cyber-Crime
Fraudsters now operate worldwide and prey on millions of unsuspecting targets thanks to social media, email, and the internet. According to the Federal Trade Commission, fraud cost American consumers $8.8 billion last year. That’s up 44 percent from 2021. While those figures are staggering, they are only part of the puzzle — fraud is trending upward on a global scale.
When we move beyond the consumer scale to enterprises and governments, cybersecurity risks have become a major concern as the world economy moves toward digital change. The complexity of the technology environment is rising along with the interconnectedness and interdependence of public and private ecosystems due to emerging technologies that support this digital economy, such as cloud, AI, and quantum computing.
When it comes to a cohesive cybersecurity ecosystem, we are a Tower of Babel. Information data workers in India may not be compliant to a degree that protects them, so they are exposed and leave the international clients they serve vulnerable. Insurance companies with divisions in Australia, the UK, and North America must contend with each country’s distinct menagerie of legislation and regulations, such as GDPR, LGPD, Canada’s privacy law, Australian Data Protection law, and so on. It’s unwieldy and costly to maintain compliance with all these varied standards, and one false step can lead to a world of liability.
One way for entities to navigate the maze of legislation is to encrypt all their data, so that anyone can access it without compromising it, because all of it is protected. Persistent data encryption means that, even in the event of a leak, data is unintelligible to bad actors. Healthcare, finance, insurance, and governmental entities can process, search, and compute ubiquitous data at scale, without ever having to surrender encryption keys or decrypt server-side.
Unlocking Cybersafety
The key to victory over cyber-criminals is to not have a key. It’s crucial to deploy cybersecurity defenses, including firewalls, antimalware, authentication, threat and vulnerability management, penetration testing, intrusion detection, and network monitoring tools. However, the foremost line of defense against cybertheft should be Data-In-Use Encryption. It encrypts data not only at rest and in transit over a network, which are the states encryption commonly covers, but also while in use. Fully Homomorphic Encryption (FHE), which is leading the encryption revolution, is one such technology.
With Data-In-Use Encryption in place, cybersecurity professionals, business leaders, and their customers can rest assured that, even when cyber-criminals penetrate security perimeters and steal data, it’s worthless and impossible to decrypt. This persistent mode of encryption should be the starting point and nucleus of a cybersecurity strategy, sealing the data that is the target of most cyber-crimes.
While many organizations’ reputations, brands, and finances suffer from cyber theft, the impact is minimized when a company or government agency announces it took the proper steps to fully encrypt data and render it worthless if stolen. Persistent encryption breakthroughs could also improve an organization’s reputation and business. Since many of us may believe that cybertheft is almost inevitable, consumers and businesses, many of whom have been burned by breaches repeatedly, prefer to do business with an organization that fully protects data from breaches (exposure as plaintext). Cost savings also can be massive. The average cost of a data breach in the United States is estimated to be $9.4 million, a figure that could be drastically reduced if there is no value in stolen data.
Encryption in the Fast Lane
One of the common concerns about any encryption technology, including technologies such as Fully Homomorphic Encryption (FHE), is its impact on system performance. If system performance, such as the time required to view, search, analyze, or process data, is hampered by encryption, that’s a reason not to encrypt data in use. But if encrypted data can be searched at close to the same speed as plaintext, there is no need to slow down operations to ensure cybersecurity integrity.
Another common concern about any encryption solution is cost and complexity. An organization is unlikely to implement a costly solution that requires considerable modifications to its existing systems and information-technology infrastructure. It’s now possible to seamlessly integrate Data-In-Use Encryption technologies into existing information systems, whether cloud-based or on-premises, with no modifications. That’s music to the ears of IT and security professionals who don’t always march to the same tune.
What about making data available to third parties, such as business partners, and allowing them to search, analyze and process data? Data-In-Use Encryption remains in effect; there is no compromise to the security of that data and no decryption to plaintext. This supports zero-trust initiatives for third parties in addition to in-house employees and consultants.
New Horizons from Data-In-Use Encryption
This new encryption standard also opens new opportunities for previously inaccessible insights. For example, industries such as healthcare and financial services with strict data-privacy regulations can benefit from analytics, artificial intelligence, and machine learning performed on encrypted data.
With the daily deluge of data breaches, it may seem that we’re helpless against cyber-criminals, but encryption widely deployed would change the game, heading off this pervasive and ubiquitous criminal cross-border industry. We now simply need to lobby and advocate for organizations to deploy this vaccine-like shield and solution against cyber-crime.