Category Archives: Encryption

More users want encryption, but the transition can be complicated for messaging apps – Marketplace

End-to-end encryption is a way to keep messages private. It's sometimes used by apps, which basically turn those messages into unintelligible chunks of data as soon as a user hits Send.

The idea is that no one except sender and recipient can access that message. Not hackers, not third parties, not even the app platform itself. And you have to have special keys stored on an individual device to decrypt it.

But many messaging platforms don't have this kind of encryption, and some provide it only as an option.

Kimberly Adams of Marketplace Tech spoke with Matthew Green, a professor at the Johns Hopkins Information Security Institute, about why more apps don't have end-to-end encryption by default. The following is an edited transcript of their conversation.

Matthew Green: One of the problems is that services like Facebook Messenger, they're designed to work across multiple different devices, right? And getting all of that to work with encryption is hard because it means you have to have encryption keys delivered to all those different phones. That's challenging. And then law enforcement and platform abuse teams, they're worried that people will break laws, send abusive pictures and so on. And end-to-end encryption is very nerve-wracking for those interests because they can't see the images.

Kimberly Adams: From a design standpoint, does it matter when you add encryption to a messaging service?

Green: Yes, it makes much more sense to add encryption from the beginning. If you design a new messaging service and it has encryption right from the start, like Signal, for example, then it's really easy to deploy that. You can figure out, each time you add a new feature, you say, "How does this fit into the encryption? How do I do things?" In the other direction, when you're basically going backwards to a very popular service that already does not use encryption, adding encryption can be challenging because you have to think about all these features you support, like multiple devices, working on arbitrary web browsers, bots, things like that. Each of those services has to be adapted to use encryption. And that's why, for Facebook Messenger in particular (Facebook is now deploying encryption across all of its existing services), it's taking them a long time to figure out all those details.

Adams: How does money factor into the encryption debate? Because, I mean, these messaging services could potentially provide a lot of useful user data that could be monetized or used to create targeted ads. And I imagine if you have really good end-to-end encryption, that ability to monetize that content theoretically goes away, right?

Green: My impression is that a lot of these advertising-supported networks like Google and Facebook, they have more user data about you than they know what to do with. So for them, there's actually kind of a balance where, hey, yes, we could have access to all your private conversations and thoughts. But we already have so much data, do we really want to be the people who are mining your private conversations to get that? And that's why I think so many of these providers, particularly Facebook, are moving to encryption, is they just don't need that private conversation data. They already have enough.

Adams: What do you see as the demand moving forward by users, at least, for encrypted messaging apps and services?

Green: Well, one of the things that's been amazing to me is over the last year or so I use this app called Signal, which is a great thing. And I get notifications saying, "So-and-so is on Signal." And it used to be that so-and-so was some computer scientist or technical person I work with. And nowadays, so-and-so is my neighbor who I don't even think knows how to use a computer. The impression I get is that people genuinely feel that private messages should be private. And so I think that now they know that the older systems aren't very private, they're happy to switch to these newer technologies that don't cause them any controversy or any pain.

Adams: As somebody who studies this all the time, how have you noticed, sort of, the public perception and knowledge around issues of encryption change?

Green: Encryption used to be one of those science fiction things. You'd see it on TV, you know, Star Trek, or you'd see it on cop shows occasionally. But it was always a criminal using encryption. I think that what's really changed is that encryption has gone from this thing that was mostly used by mobsters or the bad guys on TV to something that everyone just kind of takes for granted. And we understand why, right? Because we're all carrying our entire lives around with us, all our private conversations on this little computer in our pocket. And we really, really are sensitive to the fact, even if not consciously, we're sensitive to the fact that all of our private information could go so easily. And I think nowadays, the people who think about this stuff, they think about encryption as basically the only antidote against, you know, losing everything that you care about. And so encryption has gone from being kind of an exotic, dirty word, to just being a technology that is there and protects us.

You may have heard last week that Meta is testing new encryption features in its Messenger app. The company has said it would take years to add more secure encryption to Messenger by default.

Meta made the announcement after it complied with court orders and released chat histories between a Nebraska woman and her teenage daughter. The messages are allegedly about the daughter seeking abortion services more than 20 weeks into her pregnancy, which is illegal in that state.

Meta has said its decision to roll out additional encryption features in Messenger is not related to that court order.

If you want to know how to test that new end-to-end encryption feature on your Messenger app, The Verge has a handy summary.

But if you're in the market to try an app that's already encrypted, PCMag published its take on the best, most secure messaging apps of 2022.

They're in no specific order: WhatsApp, Telegram and, a favorite here in Washington, D.C., Signal.


Cloud Encryption Market Growth Set to Surge Significantly during the Forecast Period 2022-2028 | Cipher Cloud Inc. (U.S.), Hytrust Inc. (U.S.),…

Request a sample: https://www.coherentmarketinsights.com/insight/request-sample/1344

The Cloud Encryption Market research report provides a detailed, qualitative analysis of business growth, cutting-edge growth strategies, current trends, and forecasts for the future. The report also offers in-depth analysis of the Cloud Encryption Market's size, share, and overall strategic business planning, as well as product details, CAGR status, SWOT analysis, and Porter's Five Forces analysis. The impact of future factors on the global market is thoroughly examined in every way. Primary research was conducted using surveys, interviews, and expert analyst opinions, as opposed to secondary research, which uses information from trusted paid sources, trade magazines, and databases maintained by industry bodies. With the aid of current market projections, strategic recommendations for company segments are also made.

Cloud Encryption Market Scope:

The Global Cloud Encryption Market Report is a detailed and comprehensive study of the market with a focus on the analysis of global market trends. The objective of the study is to provide a complete market segmentation by type, application, and geography along with an overview of the Cloud Encryption industry. The global Cloud Encryption Market is expected to see rapid expansion over the forecast term. The report analyses key trends and opportunities in the industry and also provides important information on the market position of the major Cloud Encryption Market players.

Cloud Encryption Market Competitive Landscape and Segmentation Analysis:

The research includes a number of significant market manufacturers. It aids readers in understanding the alliances and strategies that market players employ to stave off competition. This research provides a thorough analysis of the market. The footprints can be found by looking at the manufacturers' global revenue and global price.

Our report focuses on the top players in the global Cloud Encryption Market, with production, price, revenue and market share for each manufacturer, covering:

Cipher Cloud Inc. (U.S.), Hytrust Inc. (U.S.), Gemalto N.V. (the Netherlands), IBM Corporation (U.S.), Secomba GmbH (Germany), Sky-high Networks Inc. (U.S.), Sophos Group Plc. (U.K.), Vormetric (U.S.), Boxcyrptor (U.S.), Viivo, Wave System, Symantec Corporation (U.S.), and Thales e-Security Corporation (France).

Detailed Segmentation:


United States, Canada, and Mexico
Argentina, Chile, Brazil and Others
Saudi Arabia, UAE, Israel, Turkey, Egypt, South Africa & Rest of MEA
UK, France, Italy, Germany, Spain, BeNeLux, Russia, NORDIC Nations and Rest of Europe
India, China, Japan, South Korea, Indonesia, Thailand, Singapore, Australia and Rest of APAC

Request the PDF: https://www.coherentmarketinsights.com/insight/request-pdf/1344

Growth Mapping:

The objective of the study is to provide clients with a map of market growth and help them create plans to meet their business objectives. To analyze the market's growth, a variety of quantitative and qualitative approaches can be used. These methods include SWOT analyses of various markets, PESTEL analysis for various geographical areas, and Porter's Five Forces analyses to identify various elements such as buyer and seller abilities, substitution effects, level of competition, and threats from new players.

Research Methodology:

The report's foundation is built on in-depth solutions offered by skilled data analysts. The research approach entails analysts gathering data and then examining and filtering it in an effort to make meaningful forecasts about the market over the review period. The primary research is made relevant and useful by the inclusion of interviews with important market influencers. By analysing the market against a variety of criteria, the research approach clearly indicates the intention to derive a comprehensive view of the industry. The important contributions improve the report and give it a competitive edge.


The deployment of recent data acquired by our own researchers. These provide you with historical and future data that is analysed to show you why the Cloud Encryption Market is changing; this enables you to foresee changes in the industry and keep a step ahead of your competitors.

The concise analysis, understandable graph, and table format will help you quickly find the information you want.

Indicates the region and market sector that is most likely to grow quickly and take over the market.

A regional study demonstrating how the product or service is used in each location and the factors affecting the market there.

Complete company profiles for the major market players, including company overviews, company insights, product benchmarking, and SWOT analysis for the major market players, as well as new service/product launches, partnerships, business expansions, and acquisitions of companies profiled in the past five years.

The market forecast for the sector, taking into account recent developments including growth prospects and drivers as well as difficulties and constraints in both emerging and developed economies.

Porter's Five Forces analysis is applied to give a thorough understanding of the market from many perspectives.

Provides market development possibilities in the upcoming years as well as industry comprehension through Value Chain Market Dynamics scenario.

Buy now: https://www.coherentmarketinsights.com/insight/buy-now/1344


What is the size of the overall Cloud Encryption Market and its segments by 2028?
Which market segments and sub-segments are the most important?
What are the Cloud Encryption Market's major drivers, restraints, opportunities, and challenges, and how are they projected to affect the market?
What are the market's lucrative investment options for Cloud Encryption Markets?
How big is the Cloud Encryption Market in each country and region?
Who are the main market participants and their main rivals?
What growth strategies have the major companies in the Cloud Encryption Market adopted?
What are the current market trends for Cloud Encryption Markets?
What obstacles face the expansion of the Cloud Encryption Market?
What are the main market trends that are influencing the expansion of the Cloud Encryption Market?


1. Research Objectives and Assumptions

2. Market Purview

3. Market Dynamics, Regulations, and Trends Analysis


About Coherent Market Insights:

Coherent Market Insights is a global market intelligence and consulting organization that provides syndicated research reports, customized research reports, and consulting services. We are known for our actionable insights and authentic reports in various domains including aerospace and defense, agriculture, food and beverages, automotive, chemicals and materials, and virtually all domains and an exhaustive list of sub-domains under the sun. We create value for clients through our highly reliable and accurate reports. We are also committed to playing a leading role in offering insights in various sectors post-COVID-19 and continue to deliver measurable, sustainable results for our clients.

Contact Us:
Mr. Shah
Coherent Market Insights
1001 4th Ave, #3200
Seattle, WA 98154
Phone: US +12067016702 / UK +4402081334027
Email: [email protected]


Phone numbers of 1,900 users of encrypted messaging service Signal may have been revealed in phishing attack – WION

In a phishing attack on Signal's verification services provider, the phone numbers of 1,900 users could have been revealed, according to the company.

Signal said in a blog post that the attacker could also have accessed the SMS verification code used to register with the company.

It released a statement saying, "An attacker could have attempted to re-register number to another device or learned that their number was registered to Signal."

The attack is being investigated by Signal and Twilio Inc which counts over 256,000 businesses among its customers.


Following the change in WhatsApp's privacy policy, Signal saw huge upticks in downloads from Apple's and Google's app stores.

Signal gained thousands of users after it was touted by Tesla CEO Elon Musk for its end-to-end encryption that prevents any third party from viewing conversation content or listening in on calls.

In a bid to tightly control the flow of information, the Chinese Communist Party blocked the messaging app in the country last year.

Since 2014, Signal has been installed about 58.6 million times globally, according to mobile app analytics firm Sensor Tower.

(With inputs from agencies)



X-Force 2022 Insights: An Expanding OT Threat Landscape – Security Intelligence

This post was written with contributions from Dave McMillen.

So far 2022 has seen international cyber security agencies issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of two new OT-specific pieces of malware, Industroyer2 and InController/PipeDream, and the disclosure of many operational technology (OT) vulnerabilities. The OT cyber threat landscape is expanding dramatically, and OT asset owners and operators, all of whom understand the need to keep critical infrastructure running safely, need to be aware of the shifting landscape and what they should be doing to secure their operations.

IBM Security X-Force analysts looked at X-Force Incident Response (IR) and Managed Security Services (MSS) data to provide OT defenders with the intelligence necessary to protect their assets.

The manufacturing industry was the most-attacked industry in 2021, according to the 2021 X-Force Threat Intelligence Index. So far in 2022, manufacturing remains in the lead across both metrics at 23% of total IR cases and 65% among OT-related industries. This is just ahead of where manufacturing stood throughout 2021, victimized in 61% of incidents in OT-related industries to which X-Force responded. Of the other OT-heavy industries so far in 2022, electric utilities place a distant second at 13% and oil and gas and transportation tied for third at 8%, all three of which are similar to their proportion of attacks through 2021. Heavy and civil engineering accounts for about 3% and mining just shy of 2%.

Figure 1: Proportion of IR cases by OT-related industry, January-June 2022. Source: X-Force incident response data.

Incident Response Data

Looking at identified initial infection vectors, phishing served as the initial infection vector in 78% of incidents X-Force responded to across these industries so far in 2022. This tracks with phishing's position as the lead infection vector across all incidents in 2021. It also highlights the importance of layered phishing defenses: regular user education and training, software to filter malicious email, email sandboxing to analyze attachments and linked payloads, web proxies to analyze linked domains and attachment downloads, and application allow-listing and Attack Surface Reduction rules to limit which extensions and payloads end users can execute. Solutions such as EDR and XDR can help detect post-compromise actions on endpoints if command and control is established. These should be combined with strong network and user behavior analytic detections and defenses in the event that a phish is ultimately successful.

Scanning and exploitation of vulnerabilities on external attack surfaces made up 11% of initial infection vectors in incidents. Proactively identifying and managing the external attack surface of IT and OT networks is essential to understanding what ports, services, and applications may be exposed to attackers externally and may require further hardening, patching, or isolation. Once the external attack surface is identified, focused vulnerability management can help address IT vulnerabilities, though such patching is notoriously difficult in OT environments where downtime is difficult to schedule and system refresh timelines can stretch over many years. Because of this, one might expect successful compromise through vulnerability exploitation to be observed more frequently, but typically OT equipment itself is not exposed directly to the internet and is typically targeted via IT network access. Therefore, proper network security isolation is key to reducing attack paths for threat actors seeking to pivot from IT to OT networks. The use of removable media tied for second at 11% of incidents, underscoring the long-standing threat that such media poses to OT networks, often by end users using infected USB media drives between operator workstations and personal laptops while in the field.

Proper segmentation, proactive testing of security controls, knowing your environment, and hardening systems are just a few of the steps available to secure these assets. As for removable media, ideally, USB flash drives should be prohibited when possible. If absolutely necessary, strictly control the number of portable devices approved for use in your environment and disable autorun features for any removable media.

Figure 2: Identified infection vectors for incidents against OT-related industries, January-June 2022. Source: X-Force incident response data.

Network Attack Data

In addition to analyzing data from our incident response engagements, X-Force analysts also reviewed OT-related industries' network attack data to determine how attackers are most often attempting to infiltrate those networks. Widespread vulnerability scanning, mostly broad spraying with some more targeted attempts, accounts for most of the observed network attacks on X-Force clients in OT-related industries. Weak encryption implementation and brute force attempts make up the majority of alerts in client environments with OT monitoring devices.

Vulnerability Scanning

In most cases, the scanning attempts revealed in the data are not directly targeting OT or ICS; rather, they are looking for any of a large number of vulnerabilities in an unspecified environment, whether internal or external. The fact that many of the OT-specific signatures triggered also appear against clients in industries without OT environments supports our assessment that much of this activity is indiscriminate scanning. When we analyzed network traffic related to ports commonly associated with OT, we found port scanning and Shodan scanner activity made up 47% and 36% of activity, respectively. These types of scanning can ultimately be used to identify vulnerable or accessible IT or OT environments.

Figure 3: Attack activity against ports commonly associated with OT, January-June 2022. Source: IBM Managed Security Services data.

The vulnerabilities X-Force sees being scanned for include ones from 2016, 2018, and 2021. Within network attack alerts from the subset of clients in OT-related industries, a filter bypass vulnerability in Trihedral's VTScada application (CVE-2016-4510) that could allow unauthenticated users to send HTTP requests to access files was most common. Other vulnerabilities scanned for include cross-site scripting vulnerabilities in Advantech's R-SeeNet device platform (CVE-2021-21801, -21802, and -21803) and a vulnerability in CirCarLife SCADA software (CVE-2018-12634) that could lead to information disclosure. The CirCarLife CVE ranks 9.8/10 in CVSS, followed closely by Trihedral's at 9.1, and the others at 6.1.

Figure 4: OT-related vulnerability scanning activity against OT-related industries, January-June 2022. Source: IBM Managed Security Services data.

Refining and maturing your vulnerability management program can help protect your assets from threat actors seeking to identify vulnerabilities in your systems via such scanning. This should include dedicating a well-resourced and supported team to the task and prioritizing the CVEs below for OT networks. Overall, it is important to bear in mind that your specific environment does not need to be directly targeted to be compromised: if your network is vulnerable or misconfigured, it can be compromised.

Weak Encryption and Brute Force

Weak encryption and brute force alerts were the two most significant network attack alerts that clients with OT monitoring devices experienced. Almost 60% of the alerts concerned the continued use of TLS 1.0, an outdated and insecure version of the protocol, formally deprecated in March 2021. Though the US Government recommends reconfiguration to use TLS 1.2 or 1.3, NIST guidelines address in more depth the more common reality that older systems may need to continue using weaker versions of encryption to ensure continued functionality.

X-Force strongly recommends that organizations inventory and understand their environments; the types of encryption deployed should certainly be on those lists. We also recommend clients weigh the security risks with the possible benefits of continuing use of older encryption methods based on the sensitivity of the communications being secured.
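The inventory step above is easy to state and tedious to do by hand. As an added illustration (this is not code from the X-Force article or from IBM), the script below takes alert lines from an OT monitoring sensor, works out the share of each alert class, builds the per-server inventory of deprecated protocol versions that the article recommends, and ranks servers for remediation by the worst version they still negotiate. The log format, sensor names, addresses and alert categories are all constructed for the example; the ranking treats SSLv3 as worse than TLS 1.0, which is worse than TLS 1.1, following RFC 7568 and RFC 8996.

```python
import re
from collections import Counter, defaultdict

# Constructed sample alert lines in a syslog-like key=value format (an assumed format,
# not any vendor's real output). Categories mirror the alert classes discussed above.
SAMPLE_ALERTS = """\
2022-03-01T08:00:01Z ot-sensor-1 alert category=weak_encryption src=10.20.1.15 dst=10.20.5.2 proto=TLSv1.0 detail="client offered TLSv1.0"
2022-03-01T08:00:09Z ot-sensor-1 alert category=weak_encryption src=10.20.1.16 dst=10.20.5.2 proto=TLSv1.0 detail="client offered TLSv1.0"
2022-03-01T08:01:12Z ot-sensor-1 alert category=weak_encryption src=10.20.1.15 dst=10.20.5.7 proto=TLSv1.1 detail="server selected TLSv1.1"
2022-03-01T08:02:40Z ot-sensor-2 alert category=weak_encryption src=10.20.1.22 dst=10.20.5.2 proto=SSLv3 detail="server selected SSLv3"
2022-03-01T08:03:05Z ot-sensor-2 alert category=weak_encryption src=10.20.1.16 dst=10.20.5.9 proto=TLSv1.0 detail="server selected TLSv1.0"
2022-03-01T08:03:44Z ot-sensor-2 alert category=weak_encryption src=10.20.1.30 dst=10.20.5.7 proto=TLSv1.0 detail="server selected TLSv1.0"
2022-03-01T08:05:00Z ot-sensor-1 alert category=brute_force src=172.16.9.4 dst=10.20.5.2 outcome=attempt detail="12 failed logins in 60s"
2022-03-01T08:06:00Z ot-sensor-1 alert category=brute_force src=172.16.9.4 dst=10.20.5.2 outcome=attempt detail="14 failed logins in 60s"
2022-03-01T08:07:00Z ot-sensor-1 alert category=brute_force src=172.16.9.4 dst=10.20.5.2 outcome=success detail="login succeeded after 31 failures"
2022-03-01T08:09:30Z ot-sensor-2 alert category=brute_force src=172.16.9.8 dst=10.20.5.9 outcome=attempt detail="8 failed logins in 60s"
2022-03-01T08:11:00Z ot-sensor-2 alert category=modbus_enum src=172.16.9.8 dst=10.20.6.1 detail="function code 0x2B read device identification"
"""

# Protocol versions that should no longer be negotiated: SSLv3 (RFC 7568) and
# TLS 1.0/1.1 (RFC 8996). A higher number means a worse finding.
DEPRECATED_SEVERITY = {"SSLv3": 3, "TLSv1.0": 2, "TLSv1.1": 1}

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) alert category=(?P<cat>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: proto=(?P<proto>\S+))?(?: outcome=(?P<outcome>\w+))?"
)


def parse_alerts(text):
    """Return one dict per well-formed alert line; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts


def category_shares(alerts):
    """Percentage of alerts per category, rounded to one decimal (the Figure 5 style view)."""
    counts = Counter(a["cat"] for a in alerts)
    total = sum(counts.values())
    return {cat: round(100.0 * n / total, 1) for cat, n in counts.items()}


def deprecated_tls_inventory(alerts):
    """Map each server (dst) to the sorted list of deprecated protocol versions seen on it."""
    inventory = defaultdict(set)
    for a in alerts:
        if a["cat"] == "weak_encryption" and a["proto"] in DEPRECATED_SEVERITY:
            inventory[a["dst"]].add(a["proto"])
    return {host: sorted(versions) for host, versions in inventory.items()}


def prioritize_remediation(alerts):
    """Order servers by worst protocol version, then by number of weak sessions observed.
    Returns (host, worst_version, weak_session_count) tuples, most urgent first."""
    inventory = deprecated_tls_inventory(alerts)
    sessions = Counter(
        a["dst"] for a in alerts
        if a["cat"] == "weak_encryption" and a["proto"] in DEPRECATED_SEVERITY
    )
    ranked = []
    for host, versions in inventory.items():
        worst = max(versions, key=lambda v: DEPRECATED_SEVERITY[v])
        ranked.append((host, worst, sessions[host]))
    ranked.sort(key=lambda r: (-DEPRECATED_SEVERITY[r[1]], -r[2], r[0]))
    return ranked


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print("alert shares:", category_shares(alerts))
    for host, worst, n in prioritize_remediation(alerts):
        print(f"{host}: worst version {worst}, {n} weak sessions observed")
```

The ranked list is the input to the risk decision the article describes: a server still accepting SSLv3 for many clients goes to the top, while a host that negotiated TLS 1.1 once can be weighed against the sensitivity of what it carries and the cost of touching it.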

Figure 5: Network alerts from OT monitoring devices, January-June 2022. Source: IBM Managed Security Services data.

Another 42% of alerts concerned brute force, both attempted and successful events. Among the small percentage of other alerts were a variety of network enumeration alerts, including Modbus function code, illegal parameter, and suspect variable scans, and things like weak or default passwords found on devices, a basic but necessary vulnerability to address that makes brute force attacks easier for attackers. Other mitigations to reduce your network's susceptibility to brute force attacks include ensuring multi-factor authentication is deployed and regular re-authentication is required for as many logins as technically feasible, keeping applications and operating systems updated, and implementing lockout policies.
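To make the "attempted and successful" distinction and the lockout recommendation concrete, here is an added example (not from the X-Force article) that replays a small, constructed authentication log twice: once through a sliding-window brute force detector that alerts when a source racks up five failures against one account within five minutes, and once under an account-lockout policy, to show which attempts the policy would have rejected. The log format, host name, account names and addresses are invented for the example; the thresholds are parameters, not recommendations from the article.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str
    success: bool


# Constructed sample authentication log (an assumed format, not any product's real output):
# one source hammers the "operator" account and eventually guesses the password, while a
# legitimate operator login and an engineer's single typo are mixed in.
SAMPLE_AUTH_LOG = """\
2022-05-10T02:00:00Z hmi-01 login user=operator src=172.16.9.4 result=failed
2022-05-10T02:00:05Z hmi-01 login user=operator src=172.16.9.4 result=failed
2022-05-10T02:00:10Z hmi-01 login user=operator src=172.16.9.4 result=failed
2022-05-10T02:00:15Z hmi-01 login user=operator src=172.16.9.4 result=failed
2022-05-10T02:00:20Z hmi-01 login user=operator src=172.16.9.4 result=failed
2022-05-10T02:00:25Z hmi-01 login user=operator src=172.16.9.4 result=failed
2022-05-10T02:00:30Z hmi-01 login user=operator src=172.16.9.4 result=success
2022-05-10T02:01:00Z hmi-01 login user=engineer src=10.20.1.16 result=failed
2022-05-10T02:01:30Z hmi-01 login user=engineer src=10.20.1.16 result=success
2022-05-10T02:30:00Z hmi-01 login user=operator src=10.20.1.15 result=success
"""


def parse_auth_log(text):
    """Parse the key=value log into AuthEvent records, ordered by time."""
    events = []
    for line in text.splitlines():
        tokens = line.split()
        ts = datetime.strptime(tokens[0], "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(tok.split("=", 1) for tok in tokens[3:])
        events.append(AuthEvent(ts, fields["user"], fields["src"], fields["result"] == "success"))
    return sorted(events, key=lambda e: e.ts)


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window detection: alert once per (src, user) when `threshold` failures
    fall inside `window`. Returns (src, user, time_of_alert, failures_in_window)."""
    recent = defaultdict(list)
    alerted = set()
    alerts = []
    for e in events:
        if e.success:
            continue
        key = (e.src, e.user)
        bucket = recent[key]
        bucket.append(e.ts)
        while bucket and e.ts - bucket[0] > window:   # expire failures outside the window
            bucket.pop(0)
        if len(bucket) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((e.src, e.user, e.ts, len(bucket)))
    return alerts


def simulate_lockout(events, max_failures=5, lockout=timedelta(minutes=15)):
    """Replay the log under an account-lockout policy: after `max_failures` consecutive
    failures the account is locked for `lockout`, and every attempt during the lock is
    rejected, including one that presents the correct password. Returns rejected events."""
    consecutive = defaultdict(int)
    locked_until = {}
    rejected = []
    for e in events:
        until = locked_until.get(e.user)
        if until is not None and e.ts < until:
            rejected.append(e)
            continue
        if until is not None:              # lock has expired: start counting afresh
            del locked_until[e.user]
            consecutive[e.user] = 0
        if e.success:
            consecutive[e.user] = 0
        else:
            consecutive[e.user] += 1
            if consecutive[e.user] >= max_failures:
                locked_until[e.user] = e.ts + lockout
    return rejected


def blocked_successes(events, **policy):
    """Count logins that succeeded in the log but would have been stopped by the lockout."""
    return sum(1 for e in simulate_lockout(events, **policy) if e.success)


if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_AUTH_LOG)
    for src, user, ts, n in detect_brute_force(events):
        print(f"ALERT {ts.isoformat()} {src} -> {user}: {n} failures in window")
    for e in simulate_lockout(events):
        print(f"lockout would reject {e.ts.isoformat()} {e.src} -> {e.user} (success={e.success})")
```

In the sample, the detector fires on the fifth failure at 02:00:20, and the lockout rejects the sixth guess and, more importantly, the correct password at 02:00:30. The legitimate operator login at 02:30 goes through because the lock has expired, and the engineer's single typo never trips anything. The lockout duration is the trade-off the article alludes to: long enough to make guessing impractical, short enough that a mistyped password on an HMI does not strand an operator.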

Top Threat: Malspam Delivering Emotet

So far this year, malspam ranks as the top threat across OT-related industries at 44% of incident response engagements. Notably, the majority of malspam incidents involved the delivery of the Emotet Trojan, which reflects a cross-industry trend, not just in the OT space, and aligns with our data indicating phishing as the leading infection vector. Many of those incidents involved Emotet infections, receipt of thousands of infected emails, and infection from unauthorized downloads that sometimes led to system-identifying information being stolen. In some of the cases, victims' emails were hijacked to send Emotet-infected spam, probably to make the emails look more legitimate and get more clicks. Remote access trojans (RATs) come in second at 19%, ransomware accounts for 13% of incidents responded to, and business email compromise (BEC) and server access attacks account for about 6% each.

These numbers so far reflect a shift from 2021, when ransomware accounted for 36% of all attacks across these industries. Most of those ransomware events affected IT networks directly, with some having an indirect impact on OT networks. This trend is currently being observed across all industries, not just those with OT environments. Although new and existing ransomware groups continue to plague many organizations, X-Force assesses that fewer ransomware IR cases this year compared to last may be the result of defenders improving their own ransomware response plans or security posture to detect malicious behaviors in their environment before attackers have an opportunity to strike.

Figure 6: Identified threats for incidents against OT-related industries, January-June 2022. Source: X-Force incident response data.

Government and private institutions around the world have been turning their focus to mitigating risks to OT in recent years. Cybercriminals are developing new threats on a daily basis that can potentially result in catastrophic utility and manufacturing outages.

The threat to OT permeates a nation's entire economy and infrastructure. Organizations across all verticals must take full responsibility for protecting their own assets and consumers. The best way to keep adversaries out of an ICS is to implement simple safeguards, best practices, and risk management solutions. You can download ICS-specific resources from government entities like the National Institute of Standards and Technology (NIST), which also offers network protection advice for connected things within industrial realms.

For more information on protecting ICS from rising threats while continuing to enable technological advancements, read X-Force's recent blog, Where Everything Old is New Again: Operational Technology and Ghosts of Malware Past. The report looks at the history of ICS, the susceptibility of these systems to certain attacks, and ways to defend those systems.

Strategic Cyber Threat Analyst, IBM Security X-Force

Mike Worley is a Strategic Cyber Threat Analyst on the IBM X-Force Threat Intelligence Production Team. He joined the team in 2021 with 8 years of experience...



Bail Conditions For Arrested Australian Activists Demand The Impossible: No Using Encrypted Applications – Techdirt

from the encryption-in-the-land-down-under dept

The Australian government doesn't care much for encryption. It has, for years, tried to legislate encryption out of the picture. A law passed in 2018 gives the government the power to compel encryption-breaking efforts from tech companies.

The law survived a cursory review by the Parliamentary Joint Committee. Its 2021 report said the law was completely legal. And, even though it found oversight of the new encryption-breaking powers was inadequate, the law was a good thing for the government. Very little was said about the people affected by the law or the tech companies being forced to make their offerings less secure in Australia.

As Australian law enforcement sees it, the only people who actually need encrypted services and devices are criminals. And that's why suspected criminals (who have only been accused of crimes at this point) are being forced to give up their access to encrypted services, as Ariel Bogle reports for ABC (the Australian one) News.

Since late June, Greg Rolles must produce on demand his computer and mobile phone for police inspection, and tell them his passwords.

He is not allowed to use any encrypted messaging apps, like Signal or WhatsApp. He can only have one mobile phone.

And there is a list of 38 people, many of whom are his friends, who he's not allowed to associate with in any way, even, another activist found, liking a post on social media.

Rolles is allegedly a member of activist group Blockade Australia. The group has been known to engage in highly disruptive protests. Those often involve immobilizing vehicles and equipment. And there have allegedly been incidents where police officers (or at least the vehicles they're in) have been attacked.

Thanks to a new anti-protest law, the government is able to treat even more innocuous protests in a heavy-handed manner. As this post detailing Blockade and its interaction with the new law notes, some members are being hit with 10-year prison sentences. Others have been arrested for vague violations like planning to block traffic.

The bail conditions are equally heavy-handed. As noted above, arrested Blockade members have been forbidden from using encrypted messaging apps or associating with each other. One member found themselves in violation of their bail conditions simply for sending a thumbs up emoji in response to a Facebook post by another member. (Bail violation charges were ultimately dropped for this action, but it still involved the person being accosted by police, detained, and booked.)

The restrictions imposed on Rolles have cut him off from the Afghanistan residents his church was providing assistance to. They communicated via WhatsApp, which is no longer an option for Rolles.

But it's not just WhatsApp and Signal. Plenty of apps (and internet services) utilize encryption. And the bail terms are vague enough that they could prevent Rolles and others like him from living somewhat normal lives while out on bail.

Large swathes of the internet are encrypted, which simply means that information is converted into code to protect it from unwanted access. Apps from online banking to streaming services are typically encrypted.

"Encryption is everywhere because it's a fundamental part of keeping modern communications technology secure and functional," a spokesperson for Electronic Frontiers Australia said.

"[That includes] essentially any modern device, including laptops, mobile phones, ATMs, TVs, PlayStations, and government websites such as myGov, Medicare, and Centrelink."

The bail conditions forbid arrestees (who are only accused of crimes at this point) from possessing an "encrypted application/media application." That covers a lot of ground, especially since so many sites providing services from banking to streaming to news delivery prefer to route users through proprietary apps, apps that generally utilize encryption in one form or another.

Even those who feel the court's heart is in the right place (attempting to prevent the planning of future protests that may be disruptive and/or turn violent) feel these conditions go too far. The head attorney at the Shopfront Youth Legal Centre, Jane Sanders, stated this imposed a possibly unlawful restriction on the rights of people who've only been accused of criminal activity.

To effectively shut down the right to political communication with these conditions, it seems extreme to me, Ms Sanders said.

Well, as they say, the extremity is the point. The government has already deemed encryption a tool of criminals and terrorists. The passage of a law increasing punishments for protest-related activity was meant to deter dissent. These new bail conditions drive it home: speak up against the government and/or its favored corporations and you can expect to have your life derailed, your communications severely restricted, and your freedom while bailed eliminated at a moment's notice.

Read more:
Bail Conditions For Arrested Australian Activists Demand The Impossible: No Using Encrypted Applications - Techdirt

What are the top 5 Amazon S3 storage security best practices? – TechTarget

Storage security is a major concern for IT. Cloud storage -- specifically Amazon S3 -- can be particularly vulnerable if administrators aren't careful.

These five Amazon S3 storage security best practices -- including bucket settings and encryption -- stand out as the most important steps for admins.

The most common S3 storage security mistake organizations make is accidentally granting public access to buckets.

Access to S3 buckets is granted through an access control list (ACL). It is easy to accidentally configure these ACLs to enable public access. Fortunately, Amazon offers four settings to block public access.

Admins can apply these settings to individual buckets, access points, an AWS account or any combination of the three. If admins decide to block all public access to S3 buckets, Amazon recommends enabling all four settings by setting them to True.

Identity and Access Management (IAM) controls S3 storage access. In general, adhere to least privilege access principles. Give users the bare minimum permissions that they need to do their jobs.

Amazon recommends that admins separate read, write and delete access into individual IAM roles. This S3 security process makes it easier to grant write or delete access solely to the users who require it, instead of giving all users full access.

As with any storage system, encrypt any data in S3. Two options are available to encrypt data: client-side and server-side encryption.

Server-side encryption is the simpler of the two options and encrypts data as it is written to AWS storage. Admins can base server-side encryption on an Amazon-managed key, a customer master key or a customer-provided key.

Client-side encryption is more difficult to implement but is the better S3 storage security choice for admins who do not want AWS to be able to decrypt their data. Client-side encryption encrypts the data before it is sent to AWS, and the encryption keys are maintained outside of the Amazon cloud. This approach guarantees that Amazon cannot decrypt user data, but it also means that admins must be careful not to lose the encryption key.

Require multi-factor authentication (MFA) for anyone who accesses data stored in AWS. MFA prevents an attacker who holds only stolen account credentials from accessing data.

An additional form of authentication is necessary beyond just a username and password. Amazon supports three MFA mechanisms -- a virtual MFA device, a FIDO (Fast IDentity Online) security key, or a hardware device that generates a six-digit, time-synchronized code.

Enable server access logging, which tracks S3 access requests. That way, admins can see who accessed S3 buckets and when.

Logging also helps admins to know if unauthorized users attempt to gain access to storage resources.
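The first two practices above, the Block Public Access settings and bucket policies that grant access to everyone, can be checked mechanically. The following Go program is an added example, not TechTarget's or AWS's code: the struct field names are the four Block Public Access setting names AWS uses, the bucket policy and the account ID in it are constructed sample input, and the audit functions themselves are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PublicAccessBlock mirrors the four S3 Block Public Access settings.
// The field names are AWS's setting names; the type is this example's own.
type PublicAccessBlock struct {
	BlockPublicAcls       bool
	IgnorePublicAcls      bool
	BlockPublicPolicy     bool
	RestrictPublicBuckets bool
}

// MissingBlocks lists the settings that are not enabled. The recommendation
// in the text is that all four are True, so an empty result is the goal.
func (p PublicAccessBlock) MissingBlocks() []string {
	var missing []string
	if !p.BlockPublicAcls {
		missing = append(missing, "BlockPublicAcls")
	}
	if !p.IgnorePublicAcls {
		missing = append(missing, "IgnorePublicAcls")
	}
	if !p.BlockPublicPolicy {
		missing = append(missing, "BlockPublicPolicy")
	}
	if !p.RestrictPublicBuckets {
		missing = append(missing, "RestrictPublicBuckets")
	}
	return missing
}

// statement is the subset of a bucket-policy statement this audit inspects.
// Principal stays raw because it may be the string "*" or a JSON object.
type statement struct {
	Sid       string          `json:"Sid"`
	Effect    string          `json:"Effect"`
	Principal json.RawMessage `json:"Principal"`
	Condition json.RawMessage `json:"Condition"`
}

type policyDocument struct {
	Statement []statement `json:"Statement"`
}

// isAnonymousPrincipal reports whether Principal is the wildcard in either of
// its JSON spellings: "*" or {"AWS": "*"} (or a list that contains "*").
func isAnonymousPrincipal(raw json.RawMessage) bool {
	var s string
	if json.Unmarshal(raw, &s) == nil {
		return s == "*"
	}
	var obj map[string]json.RawMessage
	if json.Unmarshal(raw, &obj) != nil {
		return false
	}
	aws, ok := obj["AWS"]
	if !ok {
		return false
	}
	if json.Unmarshal(aws, &s) == nil {
		return s == "*"
	}
	var list []string
	if json.Unmarshal(aws, &list) == nil {
		for _, p := range list {
			if p == "*" {
				return true
			}
		}
	}
	return false
}

// PublicStatements returns the Sids of Allow statements that grant to everyone
// with no Condition at all. Conditional grants are not flagged here because a
// condition may legitimately narrow the grant; they still deserve manual review.
func PublicStatements(policyJSON string) ([]string, error) {
	var doc policyDocument
	if err := json.Unmarshal([]byte(policyJSON), &doc); err != nil {
		return nil, err
	}
	var public []string
	for _, st := range doc.Statement {
		if st.Effect == "Allow" && isAnonymousPrincipal(st.Principal) && len(st.Condition) == 0 {
			public = append(public, st.Sid)
		}
	}
	return public, nil
}

// samplePolicy is a constructed bucket policy (the account ID is made up): one
// anonymous read grant, the mistake the text warns about, beside a scoped role grant.
const samplePolicy = `{"Version":"2012-10-17","Statement":[
  {"Sid":"PublicRead","Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"},
  {"Sid":"WriterRole","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:role/backup-writer"},"Action":["s3:PutObject"],"Resource":"arn:aws:s3:::example-bucket/*"}
]}`

func main() {
	pab := PublicAccessBlock{BlockPublicAcls: true, IgnorePublicAcls: true}
	fmt.Println("Block Public Access settings still off:", pab.MissingBlocks())
	public, err := PublicStatements(samplePolicy)
	if err != nil {
		panic(err)
	}
	fmt.Println("Statements granting anonymous access:", public)
}
```

The policy check reports only unconditional Allow grants to the wildcard principal; Deny statements are never reported, and a statement carrying a Condition (a source-IP or VPC restriction, say) is left for a human rather than labelled public. Against a real account the same functions would run over the JSON that the S3 API returns for each bucket.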

Read the original post:
What are the top 5 Amazon S3 storage security best practices? - TechTarget

The dangers of the UK's illogical war on encryption – ComputerWeekly.com

In a 21st century war, what happens online impacts events on the ground. Reliable, secure communication channels in Ukraine have delivered crucial information from President Zelenskyy directly to the people, and allowed him to broadcast appeals to the world and recruit international support.

Secure communication has empowered Ukrainians to combat disinformation, organise relief efforts, and protect evacuees. It has undoubtedly saved lives and guided Ukrainians to safety.

As Western countries support the Ukrainians with defensive and humanitarian aid, they must also defend Ukrainian citizens' ability to communicate safely.

In the UK parliament, Nadine Dorries, secretary of state for digital, culture, media and sport, recently noted: WhatsApp [a secure messaging app] has launched an end-to-end encryption service that the Ukrainian people can access to find out what is happening in their location on a minute-by-minute, real-time basis and where they can get emergency support and help.

When people have no option but to entrust their communication to third-party services, some of which may be actively hostile, end-to-end encryption provides the highest level of security, because only the sender and receiver have the key to the messages. Just imagine their plight if that encrypted service was designed to facilitate third-party access.

Astonishingly, even as the UK government praises end-to-end encryption abroad, it is undermining it at home. The Online Safety Bill, which continues to proceed through parliament after being mentioned in the Queen's Speech, will target platforms that use end-to-end encryption by placing a duty of care on service providers within the scope of the draft bill to moderate illegal and harmful content on their platforms, with fines and penalties for those that fail to uphold this duty.

To comply, providers offering end-to-end encrypted services would be forced to weaken, bypass or even remove encryption, putting the security and privacy of their users at risk.

Then, imagine someone still in Ukraine is trying to contact family members who have made it to the UK. Or a UK citizen is working with the aid agencies on the ground. Is their messaging app allowed to have secure communication in Ukraine, but only compromised encryption or none at all in the UK? It's a recipe for chaos.

Encrypted communication needs to be secure, no matter where you are. We cannot let the UK be the weak link in that chain.

The same end-to-end encrypted services are critical for journalists, who depend on them to keep information channels open despite government censorship. When the BBC's Russian website was blocked, the broadcaster used encryption to circumvent some of the restrictions and continue publishing through alternative channels.

Supporters of the Online Safety Bill will doubtless point out that journalistic content is exempt, which is, frankly, irrelevant. Individual citizens should be able to send evidence of war crimes, confidentially and securely. The act of sending it should not put their own safety at risk; nor should platforms and intermediaries be reluctant to convey the evidence on the basis that it might be offensive or disturbing.

It's as if the government either hasn't considered the cross-border implications of its anti-encryption policy or isn't worried about the race to the bottom it would create.

At a time when Ukraine needs us to step up, the UK government is instead on the brink of undermining end-to-end encryption with the Online Safety Bill. We are seeing, under the most tragic circumstances, how dangerous it is when a country's citizens cannot communicate securely and cannot access reliable information safely.

It may be true that, as the saying goes, the first casualty of war is the truth, but that's no reason to help it die.

Robin Wilton is director of internet trust at the Internet Society

Here is the original post:
The dangers of the UK's illogical war on encryption - ComputerWeekly.com

Backup Encryption: What It Is and Why It's Important for Data Security – Security Boulevard

What is backup encryption?

TechTarget defines encryption as the method by which information is converted into secret code that hides the information's true meaning. Backup encryption conceals the original meaning of the data, preventing it from being read or used by unauthorized personnel. It helps maintain the confidentiality and integrity of data by converting unencrypted data, known as plaintext, into encrypted data, or ciphertext. Backup encryption is a two-way function: it first converts plaintext into ciphertext and then uses a key to turn the ciphertext back into plaintext. Once a backup is encrypted, anyone without the decryption key cannot read it.

An encrypted backup is a backup that is protected by encryption algorithms to maintain the authenticity, confidentiality and integrity of information as well as prevent unauthorized access. An unencrypted backup simply means data or information stored is not encoded by any algorithm. Encrypted backups are secured by complex algorithms and are readable to only those users with a key. An unencrypted backup is vulnerable to online breaches and cyberattacks, and since it is in an unsecured form or plaintext, the information can be easily viewed or accessed.

Cybercrimes are growing both in frequency and sophistication. Despite organizations implementing several security controls, threat actors still manage to penetrate defense systems and wreak havoc. According to The Global Risks Report 2022 by the World Economic Forum, cybersecurity infrastructure and/or measures taken by businesses, governments and individuals are being outstripped or rendered obsolete by increasingly sophisticated and frequent cybercrimes.

Backups are quickly becoming a prime target for cybercriminals, who want to destroy your ability to recover and so gain full control of the attack. Therefore, backup encryption matters not only for business continuity and disaster recovery but also for your organization's overall security posture. Backup encryption is a security best practice that helps protect your organization's confidential information and prevents unauthorized access. Most organizations today use encryption technology to secure their sensitive data. Encrypting backups adds an additional layer of security by converting sensitive information into an unreadable format. Even if threat actors manage to intercept the data while in transit, they will not be able to access or read it without the decryption key. Due to its high reliability, encryption is used for both commercial and military purposes.

It is important to back up your data for quick recovery from a data loss or cybersecurity incident. However, you must also ensure that your backups are protected by encrypting them. Backup encryption has several benefits, including:

Privacy: Encryption encodes your information, rendering it inaccessible to malicious third parties or untrusted users. It also gives you and your customers peace of mind knowing that sensitive information will not end up in the wrong hands.

Security: Encryption protects against identity theft and blackmail since hackers cannot access the information without a key. Backup encryption also makes data more resistant to tampering and corruption.

Data integrity: Encryption prevents misuse of information even if your laptop, hard drive or smartphone is hacked, lost or stolen. This ensures the content of your backups is reliable, accurate, valid and has not been altered.

Authentication: Encryption ensures only intended parties have access to the data.

Regulations: Encryption helps your business comply with regulatory requirements and standards like the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and the Payment Card Industry Data Security Standard (PCI DSS) that require businesses to encrypt customer personal information when it is stored at rest and when transmitted across public networks.

Encryption converts data (messages or files) from plaintext or normal text into ciphertext using complex mathematical algorithms and encryption keys to improve data security. This ensures only intended parties can read or access the data. Once the encoded data is transmitted to the recipient, a decryption key is used to translate the data back to its readable state.

A simple example of transforming readable text into ciphertext is to replace each letter with the next letter in the alphabet: a becomes b, b becomes c, and so on. Under this scheme the word confidential would be converted to dpogjefoujbm. When data is encrypted, intruders can see that information is being exchanged or transmitted, but they cannot unlock the data without the correct key. This ensures data security both while in transit and at rest. Only authorized personnel with the secret key can decode and read the information.

The efficacy of encryption depends on the encryption algorithm used, the length or number of bits in the decryption key (longer keys are often much harder to crack) and the encryption method employed.

There are several factors to consider in order to encrypt your data effectively, including the state your data is in. Covering each state ensures your valuable data is encrypted and protected at all times.

Encryption in transit: This means encrypting data while it is in motion between devices and networks or is being transferred to the cloud. Encryption in transit occurs between the backup source (a machine, server, Salesforce, Microsoft 365, Google Workspace, etc.) and the backup destination (Unitrends Cloud, Spanning-managed storage in S3, customer-managed storage, to name a few). It is like putting your data in an armored vehicle before being transported.

At Spanning, we use the respective app model and best practices for each SaaS provider in combination with OAuth2.0. This means all backups are transmitted securely, making it impossible for intruders to steal the data while it's being backed up.

Encryption at rest: This means encryption of data once it resides on storage, that is, at the backup destination. In simple terms, encryption at rest is like keeping your valuable information in a vault and securing it with a PIN, password or key. In data encryption, a key is used to encrypt and decrypt data so that hackers cannot read it even if they have physical access to the device. This can be done with a Spanning-managed key hosted in Amazon Web Services (AWS) or a customer-provided key hosted in AWS. It also means that even if hackers manage to steal data from a backup solution provider, they still will not be able to do anything with it, since they do not have the key.

Key management services like AWS Key Management Service (AWS KMS), Azure Key Vault, Google Cloud Key Management and others, allow easy management of cryptographic keys. Key management ensures the security of your keys and also provides an easy way to control and access your data.

With AWS KMS, you can easily create cryptographic keys to encrypt your data stored in the cloud and control the use of the keys across a wide range of AWS services. AWS KMS uses hardware security modules (HSM), and the keys are validated under the FIPS 140-2 Cryptographic Module Validation Program, making the service highly secure and resilient. The centralized key management system allows you to import, rotate, delete, manage permissions and define policies on keys.

Azure Key Vault allows you to securely store and access secrets: API keys, passwords, certificates, cryptographic keys and so on. The cloud service enhances security and control over your cryptographic keys and other secrets using FIPS 140-2 Level 2 and Level 3-validated HSMs. Azure Key Vault allows you to easily create, import and define access policies to control access to your secrets.

A centralized key management system provides multiple benefits to businesses.

The Advanced Encryption Standard (AES), also known as Rijndael, is the most widely adopted and trusted symmetric encryption algorithm. In fact, AES encryption is the U.S. Government standard for encryption. AES is a cryptographic algorithm used to protect digital assets. It was developed to replace the Data Encryption Standard (DES) algorithm after the National Institute of Standards and Technology (NIST) recognized that DES was growing vulnerable with advancements in cryptanalysis.

AES supports three key lengths: 128, 192 and 256 bits. AES with a 256-bit key is considered to provide the highest level of security. Due to its speed, resistance to attacks and compatibility, the U.S. Government and countless non-governmental organizations worldwide use AES encryption to protect their confidential data.

Bring Your Own Key (BYOK) is an encryption model that allows customers to use their own encryption software and keys to encrypt and decrypt data stored in the cloud. This gives you more control over your data and the management of your keys. BYOK adds an additional layer of security to your confidential data: you can use the encryption software to encrypt data before sending it to your cloud service provider and decrypt it using your key upon retrieval.

Did you know that as of 2022, more than 60% of all corporate data is stored in the cloud?

Cloud offers multiple benefits, such as increased agility, scalability, productivity, reduced costs and so on. However, there are some critical security issues that you must be aware of, like data privacy and control, lack of visibility, programmatic errors and unauthorized access, to name a few. Your cloud service provider actually controls your backups stored in the cloud. It's no surprise data loss and leakage (69%) were the top cloud security concerns in 2021, followed by data privacy/confidentiality (64%). To address these issues, businesses like yours can leverage BYOK encryption, which allows you to encrypt data before transmitting it to the cloud; the best part is that the key to your backups stays with you.

Spanning Backup for Google Workspace, Microsoft 365 and Salesforce offers Customer-Managed Encryption Keys, or Bring Your Own Key, which gives you increased control over your company's data. Additionally, it allows you to control cloud service providers' level of access to your data and enables you to suspend or shut off access at any time, thereby mitigating risks related to data security. Our encryption key self-management also provides data access transparency into how keys are used, as well as greater control via best practices in limiting key access.

Spanning protects your SaaS data with 256-bit AES object-level encryption, with unique, randomly generated encryption keys for every single object and a rotating master key protecting the unique keys. Additionally, Transport Layer Security (TLS) encryption is used to protect all data in transit.
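The key-management, AES-256 and BYOK passages above and the per-object keys with a rotating master key just described all come down to one pattern, envelope encryption: each object gets its own random data key, the data key is stored only in wrapped (encrypted) form under a master key, and rotating the master key means re-wrapping the small data keys rather than re-encrypting the objects. The Go program below is an added example, not Spanning's, AWS KMS's or Azure Key Vault's code: the in-memory Vault stands in for a KMS or customer-held master key store, the object name and payload are constructed, and the type and function names are assumptions for this illustration. It uses AES-256-GCM, so the same tag that authenticates the data also gives the tamper detection the benefits list attributes to encryption; an unauthenticated mode would not.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// mustRand returns n bytes from the system CSPRNG; a failing CSPRNG is fatal.
func mustRand(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal encrypts and authenticates plaintext under a 32-byte key with AES-256-GCM,
// binding it to aad, and returns nonce||ciphertext||tag with a fresh nonce per call.
// A wrong key size is a programming error, so seal panics rather than returning it.
func seal(key, plaintext, aad []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 128-bit block size
	nonce := mustRand(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; it returns an error if key, ciphertext, tag or aad are wrong.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err // also the path taken when a master key has been deleted
	}
	gcm, _ := cipher.NewGCM(block)
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// EncryptedObject is the stored record: ciphertext plus the object's own data key,
// wrapped under a named master key. The plaintext data key is never stored.
type EncryptedObject struct {
	ID          string
	Ciphertext  []byte
	WrappedKey  []byte
	MasterKeyID string
}

// Vault stands in for a KMS or customer-held (BYOK) master key store (an assumption
// for this example). Call Rotate once before the first Encrypt.
type Vault struct {
	masterKeys map[string][]byte
	current    string
}

// Rotate makes a fresh 256-bit master key current and returns its ID. Older keys
// stay available so objects wrapped under them remain readable until re-wrapped.
func (v *Vault) Rotate() string {
	if v.masterKeys == nil {
		v.masterKeys = map[string][]byte{}
	}
	v.current = fmt.Sprintf("master-%d", len(v.masterKeys)+1)
	v.masterKeys[v.current] = mustRand(32)
	return v.current
}

// Encrypt draws a unique data key per object, encrypts the object with it, and keeps
// the data key only wrapped under the current master key. The object ID is the AAD,
// so a ciphertext cannot be silently moved onto another object's record.
func (v *Vault) Encrypt(id string, plaintext []byte) *EncryptedObject {
	dataKey := mustRand(32)
	ct := seal(dataKey, plaintext, []byte(id))
	wrapped := seal(v.masterKeys[v.current], dataKey, []byte(id))
	return &EncryptedObject{ID: id, Ciphertext: ct, WrappedKey: wrapped, MasterKeyID: v.current}
}

// Decrypt unwraps the data key with the master key named in the record, then opens
// the object; either step fails if anything was altered or the master key is gone.
func (v *Vault) Decrypt(obj *EncryptedObject) ([]byte, error) {
	dataKey, err := open(v.masterKeys[obj.MasterKeyID], obj.WrappedKey, []byte(obj.ID))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key for %s: %w", obj.ID, err)
	}
	return open(dataKey, obj.Ciphertext, []byte(obj.ID))
}

// Rewrap moves an object onto the current master key by re-wrapping only its 32-byte
// data key; the bulk ciphertext is never touched or re-uploaded.
func (v *Vault) Rewrap(obj *EncryptedObject) error {
	dataKey, err := open(v.masterKeys[obj.MasterKeyID], obj.WrappedKey, []byte(obj.ID))
	if err != nil {
		return err
	}
	obj.WrappedKey, obj.MasterKeyID = seal(v.masterKeys[v.current], dataKey, []byte(obj.ID)), v.current
	return nil
}

func main() {
	v := &Vault{}
	v.Rotate()
	obj := v.Encrypt("backups/2022-08-01.tar", []byte("constructed backup payload"))
	v.Rotate()
	fmt.Println("rewrap error:", v.Rewrap(obj), "now under", obj.MasterKeyID)
}
```

Deleting an entry from the vault's map is the "lost key" failure the text warns about: any record still wrapped under that master key becomes unrecoverable, which is why rotation re-wraps every record before an old master key is retired. With a customer-held master key (BYOK) the provider stores only the wrapped data keys, so revoking access is a matter of withholding the master key.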

Discover how Spanning provides end-to-end protection for your SaaS data.

The rest is here:
Backup Encryption: What It Is and Why It's Important for Data Security - Security Boulevard

Quantum computing will require massive software updates. Doing that securely will be its own challenge. – Protocol

No matter how long it takes to reach commercialization in the enterprise, quantum computing could have major consequences for the world of cybersecurity well in advance of the technology going mainstream.

To date, most of the security discussion around quantum computing has focused on the possible implications for data encryption. The most common scenario: Someday, maybe in five, 10 or 20 years, mega-powerful computing systems that harness the very weird properties of quantum mechanics could achieve the unthinkable, and obliterate the current methods of encryption that the internet depends on for security.

On the other hand, maybe this will never happen at all. No one can say for sure.

It's very clear, however, that the tech industry is gearing up for this so-called "post-quantum" scenario. Software will be updated on an epic scale to accommodate new methods of quantum-resistant cryptography that are being advanced by the government and researchers.

That means while nobody can be certain if quantum computing will ever really pose a security risk itself, the preparations surely will: It's inevitable that we'll see a large number of security vulnerabilities unintentionally introduced into software as the process plays out, said Jonathan Katz, a cryptography expert and IEEE member. Any time software is changed on a large scale, particularly when it's happening quickly, vulnerabilities will tend to creep in.

"We know how to design mathematically secure algorithms," said Katz, who's also a professor of computer science at the University of Maryland. "We're not quite as good yet at implementing them in a secure way."

That's a challenge the tech industry will have to figure out. If the hackers of, say, 2032 get their hands on a quantum computer that could break encryption, it would put much of the world's data at risk. (That includes, by the way, encrypted data that threat actors might be collecting today and storing away for a decrypting opportunity in the quantum future, according to experts.)

We can thank the efforts of cryptography specialists working in tandem with the National Institute of Standards and Technology for helping the industry prepare for this threat. Back in 2016, the agency helped get the ball rolling on post-quantum cryptography by launching a process for soliciting the algorithms needed to do the job.

In July, NIST presented the fruits of that six-year process, announcing four algorithms that the agency aims to use as the basis for the new quantum-resistant method of encryption. The algorithm that will provide secure web access is known as CRYSTALS-Kyber (some experts refer to it as Kyber). The three remaining algorithms will come into play for identity verification during digital exchanges.

While NIST says it expects to finalize the algorithm choices in "about two years," the vendors whose technology underpins the functions of the internet have already begun exploring how to implement them, particularly Kyber.

Since there are a number of different ways to implement Kyber, the industry now has to settle on which type of implementation to embed into the TLS protocol, which is what enables HTTPS secure web browsing.

"The industry is now in the mode of, 'OK, we know what the algorithm is going to look like. How do we actually deploy it into systems? And what are the troubles and pitfalls of that?'" said Nick Sullivan, head of research at web security and performance vendor Cloudflare.

Software developers, however, have had decades to figure out how to properly deploy existing forms of encryption, such as RSA. "That time has allowed people to learn from their mistakes," Katz said. "And many mistakes were made along the way."

Now, we may have the same situation occur again, with the implementation of largely untested new algorithms that are based on different techniques, he said. Rather than facing an underlying issue with the algorithms, he believes it's more probable we'll see a variety of flaws in the code introduced during the software engineering process.

Buffer overflow issues, a common bug in software code that can enable an attacker to access parts of memory they shouldn't be allowed to, are among the types of vulnerabilities that are likely to pop up a lot in a situation such as this, Katz said.

How could this happen? For one thing, there will be a learning curve involved for software engineers.

To some degree, they "will need to understand what's going on under the hood," Katz said. The complexity of the algorithms could present bigger difficulties than understanding existing methods, however.

Meanwhile, as the saying goes, speed is the enemy of security. And there's going to be a lot of new software being written as part of these post-quantum preparations, and written quickly, Katz said.

All in all, the implementation of the new algorithms is sure to become a "significant source of vulnerabilities in the five years after these things are first widely deployed," he said.

For better or worse, the tech industry feels a lot of urgency around implementing the post-quantum algorithms. In part, that's because "nobody knows" when the threat to encryption might emerge, said Nelly Porter, Google Cloud's lead product manager for technology areas including encryption and quantum computing.

"Everybody assumes that it will take many, many years. But I think in the world of cryptography, we are much more paranoid," Porter said.

When is the earliest she thinks it could happen?

"I would say [as soon as] three years for very advanced adversaries to make it usable," Porter said. "We have time to get ready. But we don't have too much time."

Other experts have predicted longer time frames before the performance of quantum computers would be able to break encryption (specifically, what's known as asymmetric encryption, or public-key cryptography).

Chris Monroe, a quantum computing pioneer and Duke University physics professor, believes it will take 10 years or more to get there. In the meantime, early quantum computing applications, for instance optimization of delivery routes or financial models, will likely be commercialized in a shorter time frame, said Monroe, who is also co-founder and chief scientist at quantum computing vendor IonQ.

However, it'll take longer for quantum computers to break encryption because the problem sizes are so big, he said. In other words, breaking encryption will probably not be the first thing that happens when it comes to real-world usage of quantum computers.

Once technology vendors have done their part to implement the quantum-resistant algorithms, that's when the work for businesses will begin. And that will probably be the hardest part of all, experts told Protocol.

Hardware, operating systems and software will all need updates to enable the new quantum-proof encryption methods.

"There's a big patching and replacement exercise that's going to go on here which is complicated, time-consuming and important," said Tim Callan, chief compliance officer at Sectigo, a major provider of digital certificates that are used in the encryption process.

The process will require businesses to take an inventory of everything they use that leverages encryption. That's no small task for any organization, but it will be especially daunting for those with workers, data centers and edge devices scattered around the globe.

"They're going to need to look at every system. And they're going to need to say, 'Is this system post-quantum-ready or not?'" Callan said. "'And if it is not, how do I feel about that?' They're going to have to prioritize."

Businesses that rely heavily on cloud infrastructure will have less to worry about, since a lot of the updates will happen behind the scenes, said Cloudflare's Sullivan. Those who still have a lot of physical machines in their operation will need to figure out if their devices can even be updated, or if they'll need to be replaced, he said.

One of the big questions for businesses will also be whether their existing PC fleets will be able to handle the compute requirements of the new algorithms.

While NIST included a requirement that the new algorithms would not be significantly more compute-intensive, that doesn't mean that every PC will be able to run them, said Stel Valavanis, founder and CEO of managed security provider onShore Security.

In the same way that the shift to work-from-home and videoconferencing forced many businesses to upgrade their PC fleets, the arrival of post-quantum encryption could be the "next ceiling" that businesses run into in terms of device performance, Valavanis said.

While it's still too early to know for sure, there's certainly a chance we could be heading into a "haves and have nots" scenario with quantum-resistant encryption, said Keith McCammon, co-founder and chief security officer at managed detection and response vendor Red Canary.

"We're probably going to run into questions of access: Is this thing equally accessible to everybody?" McCammon said.

On the other hand, there's also a chance that some businesses will not put a priority on quantum-proofing their systems at all.

Due to the uncertain and potentially long time frames, and all of the more immediate threats that businesses are dealing with on a daily basis, there's "always that risk" that some businesses will just ignore the issue, said Boaz Gelbord, chief security officer at Akamai Technologies.

In the short term, there might seem to be no consequences of inaction, said Joseph Steinberg, an independent information security consultant. But in all likelihood, we're never going to get much advance warning about when encryption will be at risk, he said.

"The Chinese government doesn't announce what they're doing. We don't really know what the current capabilities are" for quantum computing, he said.

Ultimately, "we're talking about something catastrophic," Steinberg said. "And if we're wrong, and this hits sooner than expected, we have a problem."

Originally posted here:
Quantum computing will require massive software updates. Doing that securely will be its own challenge. - Protocol

Community Surgical Supply Inc. Reports Data Breach After Unauthorized Party Encrypts Files Containing Sensitive Consumer Information – JD Supra

On July 29, 2022, Community Surgical Supply Inc. (CSS) reported a data breach after the company discovered that some of its files had been encrypted and were accessible to the unauthorized party that orchestrated the cyberattack. According to CSS, the breach resulted in the names, addresses, driver's license numbers, government identification numbers, passport numbers, Social Security numbers, and dates of birth of 66,115 individuals being compromised. After confirming the breach and identifying all affected parties, Community Surgical Supply began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Community Surgical Supply data breach, please see our recent piece on the topic here.

The information about the Community Surgical Supply Inc. data breach comes from an official notice the company filed with various state government entities. Evidently, on October 5, 2021, Community Surgical Supply first learned of the incident when employees noticed that certain company files were encrypted. In response, CSS took the necessary steps to secure its network and then worked with cybersecurity professionals to investigate the incident. On July 1, 2022, the company's investigation confirmed that an unauthorized party was able to access portions of the Community Surgical Supply network and that the compromised files contained sensitive consumer information.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Community Surgical Supply began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your first and last name, address, driver's license number, government identification number, passport number, Social Security number, and date of birth.

On July 29, 2022, Community Surgical Supply sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Based on the most recent estimates, the CSS data breach affected 66,155 individuals.

More Information About Community Surgical Supply Inc.

Founded in 1962, Community Surgical Supply Inc. is a medical supply manufacturing company and retailer based in Toms River, New Jersey. The company supplies specialized healthcare products to patients, nurses, dieticians and respiratory therapists, including respiratory, enteral nutrition, sleep and infusion therapy products and services. Community Surgical Supply employs more than 775 people and generates approximately $226 million in annual revenue.

In the data breach letter Community Surgical Supply Inc. sent to victims of the recent data security incident, the company mentioned that it first learned it was the victim of a cyberattack when it noticed certain files on its network had been encrypted. Encryption is common in the IT world, and while encryption is frequently used for a wide range of legal purposes, it is also the weapon of choice among hackers.

Encryption is a process that encodes files, making them inaccessible to anyone without the encryption key. Individuals and companies encrypt files every day to protect sensitive data. However, cyberattackers also use encryption when orchestrating a ransomware attack. So, while CSS did not explicitly say that the company was the victim of a ransomware attack, its data breach letter is a good indication that this was the case.

A ransomware attack is when a hacker installs a specific kind of malware on a victim's computer that encrypts some or all of the files on the device. When the victim logs back on, they will see a message from the hackers demanding that the victim pay a ransom if they want to regain access to their computer. If the victim pays the ransom, the hackers decrypt the files, or at least they are supposed to. Generally, hackers honor their commitment to decrypt files after a ransom is paid because, if they didn't, there would be no incentive for any company to pay a ransom.

However, to compel companies that may be on the fence about paying a ransom, some hackers have started to threaten to publish the stolen data if the company does not pay. The FBI advises companies not to pay ransoms following a ransomware attack because doing so keeps these attacks profitable. This is similar to the reasoning behind why the government doesn't negotiate with terrorists. Of course, companies that experience a ransomware attack are in a difficult position because they would undoubtedly prefer to quietly pay a ransom to avoid news of the breach becoming public.

However, companies can, and should, take preventative steps to avoid becoming the target of a ransomware attack rather than trying to mitigate the damages of an attack after the fact. Still, despite the widespread knowledge of the risks of ransomware attacks, many companies fail to devote adequate resources to their data security systems.

The rest is here:
Community Surgical Supply Inc. Reports Data Breach After Unauthorized Party Encrypts Files Containing Sensitive Consumer Information - JD Supra