May 17, 2020

Encryption: The good and the bad

Encryption
GDPR
Biometrics
Ransomware
Simeon Tassev
4 min
Encryption
Encryption exists to protect data from unauthorised access by translating it into a format that is unreadable without a decryption or secret key. Howeve...

Encryption exists to protect data from unauthorised access by translating it into a format that is unreadable without a decryption or secret key. However, the very method used to keep data safe is also being used to compromise it.

The likes of Ransomware is becoming increasingly prevalent, with stories about such attacks flooding newsfeeds on almost a daily basis. Once it has infiltrated a system or network, Ransomware leverages encryption to hold data hostage, demanding payment for the decryption key to release the data back to the owner.

The need to protect data

Data is valuable, and there is an increasing need to protect it. Looming regulations such as the Protection of Personal Information (PoPI) Act, and the EU’s General Data Protection Regulation (GDPR) are driving forces behind having proper mechanisms in place to protect personal information.

It’s also good common sense to ensure that data, particularly sensitive data such as company information, proprietary data and personal data, is protected. Perimeter security and firewalls are no longer sufficient in a connected world where closing all the doors to your information is becoming harder to do.

Many cyber-attacks are unwittingly initiated from within organisations through users accidentally opening an infected webpage or link, heightening the need for proper controls to be in place - controls such as encryption.

See also:

How encryption works

Encryption essentially converts plaintext data into something called ciphertext using algorithms and an encryption key. There are two main types of encryption: symmetrical and asymmetrical. Symmetrical encryption uses the same key to encrypt and decrypt data, meaning the key used to encrypt the data must be shared with the recipient to decrypt the file - similar to when your password lock a word document.

Asymmetric encryption makes use of two different encryption keys, a private and public key. The keys are usually large numbers that have been paired together but are not identical. Either of the keys can be used to encrypt a message, however the opposite key from the one used to encrypt the message is used for decryption.

Best practice for better control

Encryption is one of the tools that is used to protect data, but should form part of a data security strategy which defines various controls to keep data safe.

For organisations to protect data, it is important that they understand their data, knowing what data they are protecting and where that data resides. After all, you can’t effectively protect something if you don’t know where it is, and it wastes resources and time to protect data that doesn’t need protection.

There are two main types of data: data at rest and data in transit. From a data in transit point of view, data is encrypted as it traverses various networks. Data at rest, however, requires different levels of protection for maximum effectiveness.

Data at rest - which is data residing in a business’s data centre, backup storage, network and various machines such as computers or mobile devices - needs to be classified in order to define the level of protection required. This includes basic rights management and access control regarding who may access what data, an under what conditions.

More often, organisations are employing controls such as multi factor authentication, which combines two or three of three elements: password, physical card or token and biometrics. Regardless of the controls in place, encryption is still required at every data access point to protect against unauthorised access, use or dissemination. In this way, even if an individual gains access to data, they are unable to read it or, in any way, use or abuse the data.

Beating Ransomware

Ransomware is predicted to escalate in the upcoming years, especially with services such as Ransomware-as-a-Service (RaaS) being offered on the Dark Web. The rise of Ransomware means that organisations need to make plans to protect themselves against attack, while also considering a plan of action for if they are successfully targeted.

Most IT security companies and professionals strongly advise against paying to restore data. Not only does this drive the success of Ransomware, fuelling the rise of cybercrime, but paying the ransom does not guarantee that a business will recover its data. With this in mind, companies need to be prepared in other ways.

Preparation includes introducing a strict and well communicated IT security policy, with aligned security mechanisms, which educates and informs all stakeholders of the dangers of Ransomware and how to prevent infiltration. It also means having a solid backup solution in place which enables multiple data copies to be created and kept, and which shows evidence of strong security and encryption in place as well.

If Ransomware breaches an organisation’s security measures, organisations can fall back on a backup. It is important, however, that the business chooses a backup solution which offers quick data restoration time, as well as the safety net of an offline backup, too. No organisation which uses the Internet (basically every business) is completely immune to Ransomware, and if a business’s backup is also compromised, having an offline backup could be the difference between continuing with business as usual, or shutting up shop.

Simeon Tassev, Managing Director and QSA, Galix Networking

Share article

Jul 30, 2021

IoT market expected to grow due to increase in IoT use cases

IoT
Internet of Things
market growth
Catherine Gray
3 min
The Internet of Things (IoT) service market is expected to grow at a rate of 24% through 2025 according to a report by The Business Research Company

An increase in the internet of things use cases is expected to drive the IoT service market, according to the IoT Services Global Market Report 2021: COVID-10 Growth and Change to 2030.

IoT has found its use in many areas over the years. It can be used in manufacturing, farming, smart cities, transportation and in many other industries and fields.

Due to the fact it can be utilised in many industries, there is an increased need for IoT services and applications. IoT services that provide support by delivering services such as consulting, data management, network management and security services, are in much higher demand.

The impact of COVID-19 on the IoT services market

According to the report, the global IoT services market is expected to grow from $139.24 billion in 2020 to $162.39 billion in 2021 at a compound annual growth rate (CAGR) of 16.6%.

In the coming years, the IoT managed services market size is expected to reach $381.16 billion in 2025 at a CAGR of 24%.

This growth lends itself to companies resuming operations and adapting to the new normal as we emerge and recover from the pandemic.

Previously, COVID-19 restrictions led to restrictive containment measures, remote working and the closure of commercial activities that resulted in operational challenges.

IoT use cases driving growth

The IoT services market consists of the sales of IoT services and their related products. IoT services are delivered by the IoT services providers. These providers provide consulting, security and analytics services as per the requirements of the business.

Major players in the IoT services industry are Cisco Systems, Cognizant, Google, Infosys and Tieto Corporation, to name a few.

An increase in IoT use cases is expected to drive the IoT service market; this is where IoT can be used to automate processes and increase productivity. As it has found many uses cases over the years, this increases the demand for IoT services and this is expected to drive growth.

Enhancing deployment workloads with edge or cloud computing

Despite the expected growth, low enterprise adoption is expected to hinder the IoT services market. Although IoT has its use in many industries, due to factors such as low awareness, enterprise adoption is low, the report states.

Only 29% of enterprises have adopted IoT solutions according to the Omida data survey.

Edge or cloud computing however is enhancing the deployment workload on IoT devices, according to the report. This solution facilitates data processing and data storage in the cloud.

Microsoft released its Azure IoT Edge recently. This fully managed service is built on Azure IoT Hub. By moving certain workloads to the edge of the network, businesses that utilise Microsoft’s IoT platform spend less time communicating with the cloud, react more quickly to local changes and operate reliably in extended offline periods. 

The IoT Services Global Market Report 2021: COVID-19 Growth and Change to 2030 is one of a series of new reports from The Business Research Company that provides an IoT services market overview

Share article