Discussions surrounding data residency, lawful intercept and protecting data from advanced threats have been top of mind for many years, and recent stories shine a spotlight on the risks to data, including theft and extortion. Yet, so many IT security professionals said that they have a devil-may-care attitude toward the need to protect data from inadvertent risk.
Voltage Security conducted the survey at the recent Infosecurity Europe exhibition and found that IT security professionals, even though they should know better, often don’t practice safe security practices themselves. A full 36% in a recent survey admitted to sending sensitive data outside of their organizations without using any form of encryption to protect it.
"This statistic is cause for alarm, particularly given that encryption provides protection for companies against cybercriminals, competing companies and even governments; it is the key to keeping sensitive data away from prying eyes," said Terence Spies, CTO at Voltage Security, in a statement. "Encrypting data at the source means that hackers or malicious actors will not be able to see or use the information, even if they do manage to intercept it."
In addition to the laissez-faire attitude toward basic encryption, almost half indicated that they are not de-identifying any data within their organizations.
Voltage noted that the ability to “de-identify” information, by employing standards-based encryption technologies such as Format Preserving Encryption (FPE), provides very effective mechanisms to secure sensitive data, as it is used and managed at the personal and professional level.
“This inherently provides an underlying foundation for data privacy, ensuring not just that the data itself is secure, but also that the information can only be accessed and used by authorized users and the specific intended recipients,” said Spies.
All of that said, the majority of respondents seemed aware of the stakes. “Companies want to ensure that they are complying with all applicable laws, while not relinquishing their ability to provide the high level of protection of sensitive information that their customers demand of them and privacy mandates require,” Spies noted. “It is encouraging to see that three-quarters of those we spoke to at Infosecurity are aware of these data residency requirements and laws.”