The fight between Apple and the FBI brought the concept of using backdoors to break encryption to the mainstream. The initial battle may have ended with the FBI hiring someone to hack into the phone (and I have to ask – was anyone surprised that an outside hacker was able to do the deed?).
The battle from Apple’s point of view also drew a lot of support from tech companies and IT professionals. A new study from Spiceworks provides some insight as to why IT pros are concerned about backdoors, encryption and overall security. In general, IT pros believe the existence of backdoors, whether they are there for government agencies, law enforcement, or anyone else, puts their company at greater risk of a cyberattack or data breach. The reason, according to the survey, is simple: Hackers are already very good at outsmarting security systems, and if backdoors are provided as a way to help solve legal and national security concerns, it is only a matter of time until hackers are using them for their own nefarious goals. Backdoors, the IT pros believe, put personal and financial data at greater risk.
The survey revealed something else that I found more surprising. Although 57 percent said that they believe encryption actually helped prevent a data breach, encryption isn’t as widely adopted as a security layer as one would think, as the Spiceworks report stated:
Nearly half of our respondents said they encrypt data in transit to and from laptops/desktops, and the same goes for servers. Additionally, 47 percent of organizations encrypt data coming and going from cloud computing resources as well as data in transit from cloud storage services.
Encryption drops with data at rest, with only a third or fewer using it for at-rest data on computers, servers or the cloud. Data on mobile devices and the Internet of Things get encrypted even less.
With this lack of encryption, maybe there isn’t a need for backdoors. That hasn’t stopped Congress from reacting to the Apple-FBI debate, according to ZDNet:
The draft law, dubbed the Compliance With Court Orders Act, written by Sens. Richard Burr (R-NC) and Dianne Feinstein (D-CA), respectively the chairman and ranking member of the Senate Intelligence Committee, will compel phone manufacturers and software developers to allow the government access to encrypted data with a court order.
Although the bill is widely panned and almost no one believes it will pass, it shows that we all have a way to go to figure out the intersection between cybersecurity and national/public security. Right now, on both sides, none of us is doing enough.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.