Encryption has long been upheld as the gold standard for data protection. Enterprises apply cryptography to encode high-value information, so only authorized users can access it. Simply put, when encryption is applied to protect communications, the message is scrambled, so unauthorized users can't intercept it. Only authorized users with the right keys can unlock and unscramble the message.
Hackers hit back
Unfortunately, as with virtually every other IT security mechanism, hackers have found ways to crack cryptocodes, breaching what is commonly thought of as fail-safe protection.
While encryption codes can be difficult to crack, increasingly sophisticated cybercriminals are applying technology to accelerate the process. Armed with reverse-engineering tools, hackers can run through billions of key combinations in seconds. Increasingly, hackers also store encrypted messages to crack later.
Perfect forward secrecy and other techniques
When hackers steal the private keys, they can unlock data from both future and past encrypted sessions. Cryptographers came up with a scheme to safeguard past-session data in the 1990s, but it was not widely implemented until well after the turn of this century.
That scheme, perfect forward secrecy (PFS), uses a mechanism to create a new key every time a user sends a new instant message. Today, it's primarily used to secure data communications in messaging apps, but its use is not widespread in other areas of web communications. Though every current browser can initiate a PFS session, many HTTP sites aren't compatible.
Perfect forward secrecy support on a site can be tested with tools. Users can also apply other good practices to avoid future issues, such as deleting decrypted messages or moving them to a more secure device.
Double ratchet, meanwhile, is used to underpin secure mobile messaging apps, like Wickr and Signal. Double ratchet uses a new encryption key for every individual message, even if the message is part of a thread between two individuals.
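The per-message keying described above can be illustrated with a one-way key chain. This is an added example, not code from the article or from any messaging app: it models only the symmetric half of a double ratchet, and `ROOT`, `toy_cipher` and the sample messages are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed starting secret; a real session derives it from a key agreement.
ROOT = hashlib.sha256(b"constructed shared secret").digest()


def ratchet_step(chain_key):
    """One-way step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def toy_cipher(message_key, data):
    """XOR with an HMAC keystream. Demo only; real apps use an AEAD cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(message_key, counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def send_all(chain_key, plaintexts):
    """Encrypt each message under its own key, discarding old keys as we go."""
    ciphertexts = []
    for plaintext in plaintexts:
        chain_key, message_key = ratchet_step(chain_key)
        ciphertexts.append(toy_cipher(message_key, plaintext))
    return ciphertexts, chain_key  # only the latest chain key survives


def keys_derivable_from(chain_key, steps):
    """Every message key that a holder of chain_key can compute."""
    keys = []
    for _ in range(steps):
        chain_key, message_key = ratchet_step(chain_key)
        keys.append(message_key)
    return keys


if __name__ == "__main__":
    msgs = [b"first", b"second", b"third"]  # constructed sample messages
    sent, state = send_all(ROOT, msgs[:2])
    old_keys = keys_derivable_from(ROOT, 2)
    exposed = keys_derivable_from(state, 1000)
    print("past keys exposed by stolen state:", any(k in exposed for k in old_keys))
```

The chain protects messages already sent if the current state is stolen, but not later ones; in a full double ratchet, a separate Diffie-Hellman step, not shown here, refreshes the chain to cover that case.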
Tools like these will help enterprises ensure their mobile data is protected, but organizations will always have to exercise an abundance of caution when sharing private information -- even when those communications are encrypted.