32% of organizations have seen an increase in device encryption in the past year, according to a Vanson Bourne survey.
Additionally, 31 percent noted that their organization now requires all data to be encrypted as standard, whether it’s at rest or in transit, and 24 percent require the encryption of all data when it’s being stored on their systems or in the cloud.
Further to this, 27 percent of surveyed IT decision makers stated their organization has increased the implementation of encryption in other ways – up from zero in the 2020 survey. This rise is likely due to organizations having had to operate in new working environments with increased remote working and the need to implement new systems and controls as a consequence.
Jon Fielding, Managing Director EMEA, Apricorn commented: “The pandemic upended business operations, with vast numbers thrown into remote working. Data traffic is no longer simply moving from the confines of the corporate network, but from numerous devices and from a multitude of locations.
“Encryption is increasingly recognised as a key component for data security and cyber resilience, especially at the highest levels. Examples include the use of encryption being one of very few technologies recommended within GDPR and Joe Biden’s recent Executive Order, stipulating the need to adopt encryption for data at rest and in transit. If ever there were a time to increase and execute the use of encryption, this is it!”
Lack of encryption and misplaced devices causing data breaches
Regardless of the increase in the use of encryption, when asked to select up to three main causes of a data breach within their organization, 30 percent of those surveyed report lack of encryption (12%) and lost/misplaced devices containing sensitive corporate information (18%) as main causes. This could be due to the absence of control over corporate data.
When reporting up to three of the biggest challenges associated with implementing a cyber security plan for remote/mobile working, 39 percent of those surveyed admitted they cannot be certain that their data is adequately secured, 18 percent said they don’t have a good understanding of which of their data sets need to be encrypted and 15 percent have no control over where company data goes and where it is stored.
Most organizations require encryption
That said, 77 percent confirmed their organization had a policy in place that requires encryption of all data held on removable media. Of those, 33 percent only allow the use of hardware encrypted organization-approved removable media; 18 percent only allow the use of organization-approved removable media, which aren’t hardware encrypted, but software encrypt everything written to them; 16 percent allow use of all removable media devices, including employees’ own USB sticks, but software encrypt everything written to them; and 10 percent have an alternative policy that requires encryption of all data held on removable media.
However, 20 percent of IT decision makers either tell their employees they are not permitted to use removable media (7%), or physically block all removable media (13%).
“Whilst businesses should only allow corporately approved, hardware encrypted devices to those with a business justification, not allowing, or physically blocking removable media can impede productivity and put data at risk. By deploying the right solutions at the endpoint, it not only allows employees to use their own hardware safely, but gives them autonomy, assisting operational agility and defending against the risk of cyberattack,” points out Fielding.
Positively, 88 percent state their organization has an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 22 percent of which allow only corporate IT provisioned devices and have security measures in place to enforce this with end point control.
The increase in encryption usage looks set to continue
When questioned on which devices their organization currently encrypts, and which they plan to expand encryption, surveyed IT decision makers noted that their organization already encrypts some devices, and plan to expand their encryption usage on USB sticks (19%), laptops (16%), desktops (12%), mobiles (22%) and portable hard drives (18%).
“Remote working has become the ‘new normal’ and it’s crucial that businesses now address any quick fix security solutions they had put in place and ensure the security of corporate data. The rise in endpoint control, and the plans for increased encryption are hugely positive, but this needs to be embedded in remote working policies if businesses are to avoid the potential for a data breach and failure to comply with existing regulations,” Fielding added.
Organizations, device, encryption
- ISO 27001 Lead Implementer
- ISO 27001 Foundation
- ISO 27001 Lead Auditor
- Cybersecurity Professional
- Cybersecurity Lead Implementer
- Cybersecurity Lead Auditor
- CEH | Certified Ethical Hacker
- CHFI | Certified Hacking Forensic Investigator
(2021) Organizations have seen an increase in device encryption. Recovered on 1 June 2021 https://www.helpnetsecurity.com/2021/05/31/device-encryption-increase/