Most people are aware of the value of certain items like currencies, artwork or jewelry. What is harder for many to grasp is that data now has a similar value to all of these items. In fact, in a digital world, even currency has now literally become data.
There are numerous ways of protecting data the same way there are also numerous ways in which data can be accessed, used, stolen, altered or even destroyed. Each means of protecting data protects it from a different type of threat. Encryption is one means of protecting data but it does not protect it from all types of threats. Here is an overview of encryption: what it is, how it works and why it is important.
What Is Data Encryption?
Encryption is simply the substitution of one letter or symbol for another. Most of us are familiar with a very basic form of encryption you might have used in school, known as a substitution cipher. With a substitution cipher, you would write a message using a different letter of the alphabet for each letter. For instance, you might use 3 letters forward, which would make an A a D, a B an E and so forth. The "key" to decrypting the message was the number of letters forward or backward you needed to move. If anyone intercepted the message it would simply be gibberish to them unless they knew the decryption key.
Needless to say, digital encryption is significantly more advanced than these simple methods we may have employed in childhood, but the concept is still the same. Digital encryption is based on bits. The more bits you have, the higher the level of encryption. One way to think of it is that each bit is a "step", so for instance, if you had 8-bit encryption, the encryption key might look something like this:
- 2 letters forward
- 8 letters back
- 12 letters forward
- 18 letters back
- 2 letters forward
- 19 letters back
- 8 letters forward
- 22 letters back
While this may seem like an incredibly complicated process, this type of encryption would be incredibly simple to break because each substitution would remain the same. One of the easiest ways to break an encryption key is to simply start looking for single letters or words with only two letters. The possibilities for those words is very limited, so once you have narrowed down the possibilities for those words, you can simply start working on longer and longer words. Once you figure out the pattern, you can break the code and decrypt any further messages with ease.
As a result, modern encryption methodologies pull from a wide range of substitutions rather than just moving backward and forwards in the alphabet. For instance, imagine an encryption key that looked something like this instead:
- 14 letters forward
- 18 letters back
- The corresponding numerical letter on page 8 of War & Peace
- The corresponding numerical letter from Genesis chapter 6
- The corresponding numerical letter from the Declaration of Independence
- The corresponding numerical letter from page 176 of Jane Eyre
Needless to say, even though the resources used are publicly available digitally, this cipher would be nearly impossible to break without a key because the pattern would be entirely random. An S in one sentence might convert to a B after being run through the encryption key, but be a G in another. 128-bit encryption keys are considered to be nearly impossible to break just due to how many possibilities there are but many of the most powerful agencies have actually adopted 256-bit encryption instead.
Why You Need Data Encryption
Stolen data doesn't do the thieves a whole lot of good if they can't even read what was stolen. Without an encryption key, decrypting most data is nearly impossible.
What Data Encryption Does Not Protect Against
Encryption is not a protection against all the many things that can be done to your data. An employee, for instance, would still be able to access, change or manipulate data, as would anyone with valid login credentials. Encryption also does not protect against worms, viruses or other threats to your data. In some cases, cybercriminals are not interested in reading your data so much as destroying it, in which case, encryption does not help. Encryption is merely meant to be one of many ways of protecting your stored and transmitted data.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.