Over 5,000,000 data records are lost or stolen every day. Of the nearly 10 billion data records stolen or lost since 2013, only 4% were encrypted.
Remember the original Alien motion picture? Frightening. The latest data breach statistics? Beyond frightening. According to the website breachlevelindex.com, which tracks this number, we’re fast approaching the 10 billion mark. Currently, more than 9.7 billion data records have been lost or stolen since 2013.
The website reports that more than 5 million records are lost or stolen every day, which breaks down to 58 per second. If these statistics aren’t bad enough, here’s scary icing on the cake. Of the nearly 10 billion data records stolen or lost since 2013, only 4% were encrypted.
Why encryption matters
Encrypted data is secure data. If you do not take this protective step with sensitive information, you are solely responsible for the consequences when it is stolen or lost. You had the ability to render this data useless to anyone unless they also have the encryption key – but you chose not to take the precaution.
One more thing. Some of the laws around data breaches are written in such a way that a business is under no obligation to disclose a breach if it loses only encrypted data but not the encryption keys. That means the 9.7 billion data records reported as lost or stolen since 2013 is likely a gross undercount.
So, the breaches may be far worse than we know – but in some respects, that’s just a distraction. Let’s get back to the 96% of those data records that no one bothered to encrypt. Why?
It’s difficult and time-consuming
The biggest “because” you hear from organizations that don’t encrypt sensitive data is that the technology is difficult to implement. Data must be encrypted at rest and in motion. One of the hardest parts is managing the encryption keys – who has them and how they’re keeping them protected.
“Because it’s not easy” won’t cut it as an excuse. Especially when the average person can Google the subject and discover that successful encryption has been around since the 16th century. There are now SaaS encryption solutions that are easy to adopt. They have minimal development or operational implications. These solutions enhance privacy by ensuring that encryption keys are always controlled by the owner of the data. If there’s a breach and data is stolen, it is completely useless to anyone who ends up with it.
Three steps to encrypted data security
- Identify and encrypt: If you store sensitive data, you owe it to the data’s owners, and to your own ability to stay in business, to render it unreadable and useless. This must apply to data no matter where it resides, which could be on your physical servers, in a virtualized environment, or in the cloud. Encryption obscures and protects this data whether it’s at rest or in motion.
- Manage encryption keys: Most common burglars know to check for a house key under the mat. Even high-tech companies have their own version of the “under the mat” thinking. Your encryption key management program has to step beyond default thinking and implement processes that limit access.
- Control access to data: Some industries already have stringent regulations in place that govern user access. There’s really only one point at which encrypted data is in danger, and that’s when it has been accessed and decrypted by a user. It’s why federal mandates like HIPAA require a verification process and a log of users who access sensitive patient data.
There is a good possibility that any data network will be breached. It’s only a matter of time. When it happens, will you be adding to the stats you read earlier?
And if your company resides in the state of New York, your business is mandated by law to comply with what’s known as DFS Part 500, which includes encryption requirements.