Q2 Cyber Threat Report: Ransomware Season Arrives Early
In this report, our threat intel team highlights our critical cyber threat and ransomware findings from Q2 2024 and what it means for the threat landscape.
Protecting data is a multi-layered approach that starts with proper encryption. Data encryption is a straightforward but powerful tool to protect sensitive information. Taking adequate steps at your organization to guarantee your data is protected means, first, knowing where your data is, and, second, recognizing where you need to take actionable steps to enforce encryption both at rest and in transit.
Below, we’ll cover the most common areas of encryption: Endpoint Encryption, Mobile Device Encryption, Backups Encryption, and File Level Encryption — plus why they matter, and how you can ensure they are thoroughly implemented.
When we focus on endpoint encryption, we want to ensure that the hard drive itself is encrypted. This is referred to as full disk encryption (FDE). For example, if someone was able to get their hands on a company laptop, a password alone is not a strong enough deterrent from getting key information. If the hard drive is not encrypted, someone can read data directly from the hard drive, bypassing the password on the system. FDE encrypts at the hard drive level and makes the data unreadable if the device is stolen.
Modern-day Windows and Mac devices are encrypted by default.
Enterprises should ensure that the encryption keys are managed through a central system to allow for easier device management. This way, if an employee leaves or something goes awry, you’ll always be able to gain full access to the data on the device.
If your organization is a cloud-native company (you don’t have any on-premise servers), Cloud options exist to manage the encryption keys.
You can find a specific software solution that can be deployed throughout the environment to help manage backup recovery keys for you.
If your servers are located in areas that can easily be broken into (e.g. a closet in your office), you should enforce FDE. For servers that are stored in data centers that have robust physical security controls, it becomes less of a priority. We recommend prioritizing devices that can more easily be stolen or misplaced (laptops and mobile devices).
Through both Android and IOS, most phones and tablets are encrypted by default. If a mobile device is lost or stolen, encryption can protect your data.
If you want to go beyond the basic controls already in place, you can implement a Mobile Device Management solution. If someone is using a mobile device to connect with your organization’s network, you can require them to meet certain security settings before accessing your organization’s data. For example, you may require employees to have a security pin in place on their mobile device to continue connecting. This also allows you the ability to monitor for and enforce encryption on phones if for some reason encryption is not enabled or has been disabled.
Your backups, when stored on disks, exist as a file. You can access those files and create a replica of your environment, but a threat actor may also be able to access these files and gain access to your data. Encrypting those backups adds an extra layer of security for your organization.
Your backups should already be encrypted then, but you should always ask your SaaS providers how they protect your data, including if they are encrypting your data.
If a threat actor accesses your data through some sort of backdoor into your environment, hard drive-level protection won’t secure your data on a software level. For an extra layer of security, you can start to implement encryption controls on individual files themselves. From Word documents to ZIP files, you can add passwords to prevent anyone unwanted from seeing the contents. More robust solutions exist to manage this at scale and for data stored in applications. Proper implementation of encryption at this level can be a long-term project and should be planned and implemented with the help of experts.