IBM just released IBM Z, a new mainframe that reportedly can run more than 12 billion encrypted transactions per day – a staggering 18 times faster than any other platform. Since encryption is difficult to do at scale, IBM hopes this mainframe will help banks, healthcare providers, government agencies and other companies bolster the security of customer data. This move from IBM represents a larger trend of major players looking to encryption as a way to help combat cyber threats.
Encryption is often a deterrent to cyber criminals; they’d prefer to target clear text data that doesn’t require as much effort to access. The problem is that many businesses leave large amounts of company data unencrypted. A recent Sophos study showed 45 percent of companies don’t always encrypt intellectual property, while 31 percent don’t always encrypt financial information.
Encryption adds another layer of security for sensitive personally identifiable information (PII) by using an encryption key generated by an algorithm. While authorized users can easily decrypt the message, an unauthorized person would need a high level of computer resources and expertise to access the files. This makes unencrypted data much more lucrative for cyber criminals. To underscore this point, since 2013, hackers have compromised more than nine billion digital data records in more than 7,700 attacks. Only four percent of those attacks targeted encrypted data.
Encryption is key for maintaining compliance, as well. Current and upcoming guidelines are putting more emphasis on protecting customer data. Companies that can demonstrate encryption will have an advantage.
The European Union’s General Data Protection Regulation (GDPR) takes effect in May of 2018, making data encryption vital for businesses with customers in Europe. The GDPR states companies should encrypt personal data to avoid compromising confidential information.
Stateside, the U.S.’s Federal Financial Institutions Examination Council (FFIEC) recently updated its requirements for using encryption within financial services. With these guidelines, organizations must implement different types or levels of encryption based on the sensitivity of the information.
Beyond increasing their use of encryption, companies should constantly be thinking about better ways to help protect customer data. Organizations should only collect necessary data from customers and consider proactive credit and identity monitoring for their customer to help them mitigate their risk of identity theft.