The WannaCry ransomware attack underlines that encryption is an essential layer of modern online security, says LAWtrust solutions director Maeson Maherry.
The WannaCry worm disrupted information technology services across the globe, hitting organisations as large as the UK’s National Health Service, Germany’s Deutsche Bahn railway service and US logistics giant FedEx.
It was “mathematically infeasible” that hackers, even of the ilk that came up with WannaCry, would gain access to the data they kidnapped if it was properly encrypted, said Maherry at LAWtrust’s stall at this year’s ITWeb Security Summit at Vodaworld in Midrand. The conference began on 16 May and ends on 17 May.
LAWtrust specialises in database and email encryption and certificate management. It’s a 100% South African-owned company trusted globally to safeguard data. The European Union has hired it to provide cross-border identity validation technology.
Ransomware is malicious software (malware) that encrypts important files, holding them ransom until money is paid to release them – usually $300. An added threat is that if the ransom is not paid, the entire system from which the information was taken will be deleted.
Because so much information is stored in the cloud these days, it needs to be encrypted so that, even if it is hijacked through an attack such as the WannaCry attack, it is useless to the thieves.
“It’s like [Dr] Aleksandar [Valjarevic, LAWtrust’s professional services head,] says – if they can hold the data ransom, they can steal it and look at it,” said Maherry.
Losing data is expensive, in terms of income and reputation, said Dr Valjarevic. In South Africa the average cost of a data breach is R28.6-million, according to the IBM & Ponemon Institute 2016 Cost of Data Breach Study: South Africa. Globally that cost is $34-million per breach.
“You need layers of security,” said Maherry. Although firewalls and virus protection are still important, because information is increasingly stored using a network of remote servers on the internet instead of a computer’s hard drive (i.e. in the cloud), encryption is vital.
Maherry said attacks such as WannaCry exploit easy vulnerabilities – no “patches” (software updates released by vendors to patch security “holes” in earlier versions of the software), weak authentication such as passwords, and no data encryption.
Earlier this year LAWtrust signed a deal with Thales e-Security, a global leader in hard- and software encryption solutions, so that it can offer state-of-the-art products. Before that it joined forces with email encryption experts ZixCorp.