TECH INTELLIGENCE: A new set of keys

Listen to this article

Ransomware, generative AI, quantum computing, and an increase in surveillance are putting private data at risk — working with a cybersecurity consultant to implement encryption may be a vital part of the solution.

Encryption refers to the process of encoding credit card numbers, medical records, private messages, and other data, so even if an unauthorized person or entity gains access to it, they will generally be unable to read it. Thus, working with a cybersecurity provider to encrypt company data can help protect a business’s reputation as well as its private information, sensitive data, and communications.

Many organizations use encryption because they are concerned about external threats. But such attacks can also be mounted by insiders — including employees, contractors, or any other persons with authorized access to the organization’s systems and data. These threats can be intentional, such as when an employee leaks confidential information, or unintentional, such as when an employee inadvertently shares sensitive data.

Outsourced IT support organizations have gotten better at detecting and preventing ransomware attacks – where malicious actors prevent a user or organization from accessing their files unless a sum of currency or crypto is forked over – but criminals and state-supported actors are constantly adopting new techniques, including “data kidnapping,” where attackers exfiltrate and encrypt enormous amounts of sensitive corporate data and demand a ransom to prevent public exposure.

Encryption solutions typically employ an automated “key” that uses an algorithm to encode plaintext, or readable data, into ciphertext — unreadable data that can only be unscrambled with a corresponding decryption key.

Currently, there are two types of encryption algorithms: symmetric and asymmetric, and a cybersecurity provider can tailor solutions for specific businesses. A symmetric algorithm uses the same encryption and decryption keys. This model is commonly used for bulk data encryption because symmetric algorithms are fast and can be easily implemented by hardware. But anyone with a decryption key may be able to access the data — even if it is not intended for them.

In contrast, an asymmetric algorithm uses two separate but mathematically linked keys: a “public” key that encodes the data and can be distributed, and a non-shared “private” key that decrypts the data. The private key is similar to a mailbox key that has a unique design, unlike any other key. An asymmetric algorithm also makes it harder for hackers to modify data during transmission since doing so would prevent the receiver’s private key from decrypting the message, alerting the receiver that the message has been altered. 

Significant encryption enhancements are being developed to address a variety of issues, including quantum computers that will be able to break current encryption methods much faster than today’s computers; increased surveillance by governments, corporations, and other entities; and generative artificial intelligence algorithms, which generate “new” content by learning patterns and relationships within a given data set. Generative AI uses complex mathematical techniques such as neural networks and deep learning, to learn from massive training data sets.

One emerging defensive development is post-quantum cryptography, which addresses the danger that existing cryptography methods may be vulnerable to next-generation quantum computers and uses quantum bits – instead of traditional binary code – to perform calculations. As such, quantum computers may be able to break existing encryption in days or minutes. PQC, however, is a developing type of encryption designed to resist quantum computing attacks through the use of mathematical problems that appear too difficult for quantum computers to solve in a reasonable timeframe.

Additional cybersecurity encryption tools under development include “homomorphic encryption,” which enables computations and analysis to be performed on encrypted data without decrypting it — so sensitive data can be processed and analyzed without being exposed. Homomorphic encryption can also help to preserve privacy since it enables secure data sharing and analysis while maintaining the data’s confidentiality. 

The evolving “encryption revolution” will make it more difficult for cybercriminals to steal or manipulate data while expanding secure data sharing, collaboration, and analysis, spurring innovation in healthcare, finance, and other critical areas. Businesses that partner with experienced cybersecurity providers will gain a significant competitive advantage by staying out in front of these and other developments. 

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.