Majority of security pros using encryption for personal communications

11 May 2018

| Author: Jay Jay

With news around cyber criminals cracking digital infrastructure at enterprises to get their hands on personal data of millions of customers and using data obtained from existing breaches to carry out further attacks, cyber security professionals are now taking their privacy more seriously and are using encrypted channels for their personal communications.

A survey of over 500 security professionals by security firm Venafi has revealed that the number of professionals using encrypted channels for personal communication has risen from a mere 45 percent last year to a healthy 64 percent this year.

Increasing use of encryption

While the percentage of professionals who don’t use encryption in any of their personal online activities has come down from around 17 percent to 10 percent between last year and the present, those who use encryption occasionally has also come down from 38 percent to the mid-twenties.

“We’re entering a world where machines process and conduct transactions autonomously. As a result, it will be incredibly important to preserve privacy with the use of strong encryption. Despite the challenges this poses, it’s excellent news that more than half of these security professionals use encryption to protect their personal privacy,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.

At the same time, security professionals are also expressing increased concerns about encryption backdoors as the same can be used by governments to access private communications. The number of such professionals also increased from 73 percent last year to 84 percent now.

“Research shows that concern over encryption backdoors is growing, especially as our adversaries become more sophisticated and better equipped to exploit weaknesses. We must secure the privacy of machines, including Docker containers, Kubernetes clusters and cloud instances – all of which can scale in milliseconds. These machines will represent a new challenge for the next generation of RSA Conference attendees,” Bocek added.

Is encryption a permanent solution?

Even though the widespread use of encrypted channels for personal communications is a welcome step, the security and privacy of personal data can never be taken for granted as governments are expressing greater interest in legalising encryption backddors and cyber criminals are also creating new tools to defeat encryption.

For instance, security researchers at Kaspersky Lab revealed in January that a malicious software named Skygofree was used by cyber criminals to read encrypted WhatsApp messages and to force smartphones to spy on their surroundings.

According to the researchers, an Italian IT company created Skygofree to spoof popular television service Sky Go and distributed the malware using fake websites designed to mimic websites owned by mobile network operators since 2014. The malware could exploit an accessibility feature in Android to read everything displayed on a screen, including content from popular apps such as Facebook Messenger, Skype, Viber, and WhatsApp.

Support for encryption backdoors

Figures released by Venafi from its latest survey ironically contradicts the findings of a survey it carried out at the RSA conference back in April. The survey was carried out to gain responses from security professionals on whether governments should regulate the collection of personal data by social media companies.

The survey released that 70 percent of security experts were in favour of such regulation even though 72 percent of them believed governments did not have a good understanding of the threats impacting digital privacy.

“These results are disturbing. While security professionals agree that government officials do not understand the nuances of social media and digital privacy, they’re still looking to them to regulate the technology that permeates our daily lives,” said Bocek.

An alarming 45 percent of them also said that they were in favour of the government compelling private companies to build encryption backdoors, even though they believed government officials did not properly understand the cuurrent cyber threat landscape.

“It’s disheartening that so many security professionals think encryption backdoors will somehow make us safer. There is no question that they will undermine our global economy and make digital communication much more vulnerable.

“Any backdoor will be extremely lucrative, so cyber criminals will spend an enormous amount of effort to steal one. And once a backdoor is leaked it’s certain to be available to the highest bidders on the dark web,” he added.

Source link