
Enterprise encryption strategies rise as firms' use of encryption grows

Report: Enterprise encryption is on the rise as firms embrace use of encryption strategies; also, new Bart ransomware, IRS drops e-file PIN tool, and more.

According to a new research report, 41% of firms are using encryption applications consistently across the enterprise -- achieving the largest year-to-year increase in encryption use since 2005, and up from 34% reported last year. And as enterprise encryption use grows, firms are putting more effort into maturing their encryption strategies.

The report, Encryption Application Trends Study, found the growth in enterprise encryption reflects the growing need to defend against cyberattacks, the need to comply with privacy regulations and demand from consumers. As more companies are turning to encryption, so too are more companies seeking to define their own enterprise encryption strategies.

"Significantly more companies are embracing an enterprise-wide encryption strategy -- an increase from 15% in FY2005 to 37% in this year's study," read the report, sponsored by the French cybersecurity firm Thales e-Security and conducted by the Ponemon Institute, based in Traverse City, Mich.

The researchers found that, for most organizations, the top three applications of enterprise encryption were for securing databases, internet communications (using SSL/TLS) and encrypting laptop hard drives. Those applications "achieve a 1st, 2nd or 3rd place for 12 of 14 industry sectors."

Breaking respondents into 14 industry sectors, Ponemon reported that the industries with the highest overall "extensive usage" rates for enterprise encryption were the financial services sector at 56%, the healthcare and pharmaceutical sector at 49% and the technology and software sector at 48%; the sectors with the lowest rates were manufacturing at 25%, consumer products at 27% and entertainment media at 27%.

In other news:

  • Researchers described a new type of ransomware that dispenses with the command and control (C&C) infrastructure, as well as the need to create its own encryption routines or deal with public/private key pairs. Called Bart, the ransomware instead locks victims' files into password-protected zip files, and then demands 3 bitcoin (approximately $2,000) to access the archive. Brendan Griffin and Ronnie Tokazowski, researchers at PhishMe, the Leesburg, Va., threat management firm, noted that Bart, unlike other encryption ransomware, does not report the infection of a new computer to the attacker, nor does it provide any access to support resources. Rather, Bart is believed to use a victim identifier to indicate to the attacker what decryption key to deliver on payment of the ransom. "Furthermore, most encryption ransomware has traditionally relied upon a sophisticated asymmetric, public-private key pair or the creation of a distinct symmetric encryption key for encryption. This key is generally passed to the threat actor's infrastructure at the time of encryption for later use. However, Bart simply places its targeted files in individual zip archives and applies password protection to these archives." According to Proofpoint researchers, "Because Bart does not require communication with C&C infrastructure prior to encrypting files, Bart may be able to encrypt PCs behind corporate firewalls that would otherwise block such traffic. Thus, organizations need to ensure that Bart is blocked at the email gateway using rules that block zipped executables."
  • Calling it "a precautionary step to protect taxpayers," the Internal Revenue Service (IRS) has shut down its electronic filing PIN tool, "following additional questionable activity." The e-File PIN offered an alternative method of signature verification for filing taxes electronically, but in February the IRS reported attackers had accessed more than 100,000 e-File PINs. While the PIN tool did not disclose any taxpayer data, the IRS stated that "criminals used taxpayers' names, addresses, filing status, dates of birth and Social Security numbers which they obtained from other sources to access the e-File PIN." After the initial disclosure, the IRS left the PIN tool in place, but "additional defenses were added inside the IRS processing systems for protection, including extra scrutiny for any return with an e-File PIN." However, after the IRS observed more automated attacks, occurring more frequently, it decided to remove the tool as a safety measure.
  • Boston's Massachusetts General Hospital (MGH) reported a "privacy incident" that occurred earlier this year. Approximately 4,300 patients were affected, according to the Boston Business Journal. The hospital delayed going public until law enforcement investigators gave it the all-clear to notify affected patients. The breach was traced to Patterson Dental Supply Inc. (PDSI), based in St. Paul, Minn., "a trusted third-party vendor that provides software that helps manage dental practice information for various providers, including MGH," the hospital stated. "On February 8, 2016, we learned that an unauthorized individual gained access to electronic files used on PDSI's systems, which we later confirmed contained some MGH dental practice information." MGH stated that the exposed files included names, dates of birth and Social Security numbers of some of the hospital's dental patients, and for some, may have included information about dental appointments and medical record numbers.
  • Hospitals are particularly at risk of being hacked with ancient exploits, according to research published by the research division of TrapX Security, based in San Mateo, Calif. Attackers increasingly are targeting medical devices that use legacy operating systems with well-known vulnerabilities. TrapX Security stated that "by camouflaging old malware with new techniques, the attackers are able to successfully bypass traditional security mechanisms to gain entry into hospital networks and ultimately to access sensitive data."
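
The gateway rule recommended in the Bart item above (block zipped executables) can be sketched as a check on a zip attachment's entry list. This is an added example, not code from the article, PhishMe or Proofpoint; the extension blocklist, the nesting limit and the function names are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumed blocklist for illustration; a real gateway policy is tuned locally.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                      ".js", ".jse", ".vbs", ".wsf", ".hta"}
MAX_DEPTH = 3  # assumed limit on how many nested archive levels are unpacked


def scan_zip(data: bytes, depth: int = 0) -> list:
    """Return the reasons to block a zip attachment; an empty list means allow."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    reasons = []
    for info in archive.infolist():
        name = info.filename
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"executable entry: {name}")
        elif info.flag_bits & 0x1:
            # Bit 0 of the general-purpose flags marks an encrypted entry:
            # its name is visible, but its content cannot be inspected.
            reasons.append(f"encrypted entry: {name}")
        elif ext == ".zip":
            if depth >= MAX_DEPTH:
                reasons.append(f"nesting too deep: {name}")
            else:
                reasons.extend(scan_zip(archive.read(info), depth + 1))
    return reasons


def build_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {name: content} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    inner = build_zip({"invoice_scan.js": b"// constructed placeholder"})
    outer = build_zip({"docs/readme.txt": b"x", "bundle.zip": inner})
    print(scan_zip(outer) or "allow")
```

Matching on entry names alone misses executables that carry a harmless extension, so a production rule would also inspect file content.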
