
Latest news with #dataencryption

The Quantum Conundrum: Inside The Race To Future-Proof Cybersecurity

Forbes

01-07-2025


Srinivas Shekar, Founder and CEO, Pantherun Technologies.

Most people don't think about it daily, but data encryption is vital to our lives. Secure encryption technology is used to protect the data on your mobile device, laptop, hard drive and the cloud, as well as anything sent by text or email, just to scratch the surface. Any valuable data that is digitally stored, sent or spent is likely to be encrypted. That turns out to be essential for secure finance, defense, telecom, health, commerce and many other services.

Fortunately, those services—and all that data—are very safe, thanks to Advanced Encryption Standard (AES) 256, the gold standard of data encryption today.

How safe? Well, to systematically try every possible key in an AES-256 encryption until the correct one is found (known as a 'brute force' attack), a hacker would have to try up to 1.16×10^77 possibilities. Written out, that number looks like this:

116,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

If a hacker tried one potential decryption key per second, it would take them three hundred sixty-eight quattuordecillion years to attempt all possible keys. That is 3.6×10^41 million years (360, followed by 42 zeroes)—about 1,060 times longer than the age of the known universe. So, pretty darn safe.

But in this world of rapidly accelerating technology change, cybersecurity leaders and end users alike are starting to ask, "Safe for how long?" The reason is quantum computing.
How Quantum Computing Challenges Encryption

Fully functional quantum computers capable of undermining today's strongest encryption methods are not expected for at least 10 years (and probably quite a bit longer). However, there are already quantum formulas like Shor's Algorithm, which uses quantum superpositioning to try an exponential number of possibilities all at once, and Grover's Algorithm, which leverages probability hacks to reduce the number of guesses needed in a brute force attack to the square root of the total number of possible solutions.

With Grover's algorithm, for instance, a 256-bit key can be simplified down to a 128-bit key, at which point it is easier to successfully guess the correct key. (Roughly, it is like picking an unknown card out of a full deck in just seven guesses, rather than trying all 52 cards, one by one.)

While that is still not a big enough advantage to threaten AES-256 encryption today, those responsible for data security do need to start planning for its eventual vulnerability. Here's why:

  • AI: Although quantum computing is probably at least 10 to 20 years away, AI may accelerate its arrival more than we imagine, by developing quantum algorithms, improving qubit layouts, reducing error rates or discovering materials to solve quantum hardware issues.
  • Harvest Now, Decrypt Later: Playing the long game, some thieves are stealing encrypted data today to access it in the future. Even currently 'invincible' encryption standards like AES-256 may not be enough to permanently protect highly valuable data.
  • Rapid Access: When quantum computing does come into force, the technology could be consumerized very quickly, giving any number of bad actors ready access to encryption-weakening capabilities.

How To Prepare Today For The Post-Quantum Future

According to a U.S. security memorandum, quantum computing will 'jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure and defeat security protocols for most Internet-based financial transactions.'

Organizations responsible for data security cannot afford to wait for this tsunami of threats to arrive before building a new sea wall. But what can organizations do today to begin solving the quantum conundrum?

1. Upgrading Encryption: If your organization is still using less secure encryption methods like RSA, DH, DSA and ECC, you must urgently update your security protocols. These methods are already vulnerable to Shor's algorithm and should be replaced as soon as possible. Even AES-128 will likely no longer be secure enough for high-value data when quantum computing arrives.

2. Post-Quantum Cryptography (PQC): PQC employs hard mathematical models like lattices and multivariate equations to make encryption quantum-resistant. It is already being used by companies like Google, Microsoft and IBM. But many PQC solutions require enormous computing power and introduce latencies, making them impractical for low-compute or real-time scenarios.

3. Out Of Band Solutions (OOB): OOB methods transmit keys outside of the communication channels typically used to send encrypted data—for instance, by satellite or physical transfer on a USB key. Because they are not on the same digital network as the data, they cannot be broken by quantum computers, even in the future. However, scaling OOB is challenging. Satellite transmission is limited by infrastructure, and manual transfer methods are subject to human error.

4. Quantum Key Distribution (QKD): QKD is a kind of OOB key transfer solution accomplished by firing single photons representing binary code over fiber optic cable. Since measuring any quantum state automatically disturbs it, interference is impossible without detection, making QKD theoretically unbreakable. However, QKD requires specialized hardware, has limited range and is prohibitively expensive for most industries.

5. Keyless Encryption: One more quantum-resistant approach to key exchange is to not have a key in the first place. With keyless encryption, keys are assembled from user data, key data fragments or using ephemeral code, which obfuscates decryption data in such a way that no quantum algorithm could ever guess it. Randomly located pieces of transmitted data can be used, for example, to form temporary keys that can be read only by an authorized receiver using the same technology. This approach solves the quantum conundrum at a low cost and with zero latency. As a relatively new solution, however, keyless methods currently lack widespread standards, posing challenges for interoperability and regulatory compliance. To take full advantage of this novel solution, greater adoption is needed by standards organizations and industry groups.

Conclusion

Most of us rarely think about data encryption, as it quietly impacts nearly every part of our digital lives. AES-256 is incredibly strong today, but with both AI and cybercrime accelerating rapidly, the clock is ticking fast. Organizations must act now to solve the quantum conundrum—or risk waking up some day to find their most sensitive data suddenly exposed.

Swiss government says it was affected by cyberattack on health foundation

Reuters

30-06-2025


FRANKFURT, June 30 (Reuters) - Switzerland said on Monday that a cyberattack on the non-profit health foundation Radix that involved data being stolen and encrypted had also affected the federal administration. In a statement, Swiss federal authorities said that Radix's customers include various federal offices and that data have been published on the dark web in the wake of the attack, without specifying the data. Authorities are trying to determine the specific units and data affected by the attack, the statement said, adding that the attackers did not break directly into state-run data systems.

Nearly half of companies in the UAE opt to pay the ransom, Sophos report finds

Zawya

26-06-2025


Dubai, United Arab Emirates – Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released its sixth annual State of Ransomware report, a vendor-agnostic survey of IT and cybersecurity leaders across 17 countries that studies the impact of ransomware attacks on businesses. This year's survey found that nearly 50% of companies globally paid the ransom to get their data back – the second highest rate of ransom payment for ransom demands in six years.

While 43% of organizations in the UAE that had data encrypted paid the ransom, 30% of them paid less than the original demand. Globally, in 71% of cases where the companies paid less, they did so through negotiation – either through their own negotiations or with help from a third party. In fact, while the median global ransom demand dropped by a third between 2024 and 2025, the median global ransom payment dropped by 50%, illustrating how companies are becoming more successful at minimizing the impact of ransomware.

Overall, the median ransom payment in the UAE was 1.33 million dollars, although the initial demand varied significantly depending on organization size and revenue. Across the globe, the median ransom demand for companies with over $1 billion in revenue was five million dollars, while organizations with $250 million revenue or less saw median ransom demands of less than $350,000.

Exploited vulnerabilities were the number one technical root cause of attacks in the UAE, while 49% of ransomware victims said adversaries took advantage of a security gap that they were not aware of – highlighting organizations' ongoing struggle to see and secure their attack surface. Overall, 54% of UAE organizations said resourcing issues were a factor in them falling victim to the attack, with one third citing a lack of expertise and 30% reporting a shortage of expertise.

Additionally, the report reveals that the impact of ransomware attacks on data in the UAE remains significant.
In 55% of the attacks, data was successfully encrypted, surpassing the global average (50%). In 43% of those cases, data was also stolen, much higher than the 28% global rate. Despite this, 98% of affected organizations recovered their data, with 68% using backups and 43% opting to pay the ransom, highlighting both strong recovery strategies and ongoing challenges.

'For many organizations, the chance of being compromised by ransomware actors is just a part of doing business in 2025. The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage. This includes hiring incident responders who can not only lower ransom payments but also speed up recovery and even stop attacks in progress,' says Chester Wisniewski, director, field CISO, Sophos.

'Of course, ransomware can still be "cured" by tackling the root causes of attacks: exploited vulnerabilities, lack of visibility into the attack surface, and too few resources. We're seeing more companies recognize they need help and moving to Managed Detection and Response (MDR) services for defense. MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start.'

Additional Key UAE Findings from the State of Ransomware 2025 Report:

Exploited vulnerabilities were the most common technical root cause of attack, used in 42% of attacks. They are followed by malicious emails, which were the start of 23% of attacks. Compromised credentials were used in 18% of attacks.

Business impact of ransomware

Excluding any ransom payments, the average (mean) bill incurred by organizations in the UAE to recover from a ransomware attack in the last year came in at $1.41 million, below the $1.53 million global average. This includes costs of downtime, people time, device cost, network cost, lost opportunity, etc.
Organizations in the UAE recovered swiftly from ransomware attacks, with 63% fully recovered in up to a week, notably above the 53% global average. 15% took between one and six months to recover, below the 18% global average.

Human impact of ransomware on IT/cybersecurity teams

In organizations where data was encrypted:

  • 40% reported increased pressure from senior leaders.
  • 37% say the team's workload has increased since the attack.
  • 42% report increased anxiety or stress about future attacks.
  • 18% have experienced team member absence due to stress/mental health issues.

Ransomware remains a major threat to organizations in the UAE. As adversaries continue to iterate and evolve their attacks, it's essential that defenders and their cyber defenses keep pace. Sophos recommends the following best practices to help organizations defend against ransomware and other cyberattacks:

  • Take steps to eliminate common technical and operational root causes of attacks, such as exploited vulnerabilities. Tools like Sophos Managed Risk can help companies assess their risk profile and minimize their exposure.
  • Ensure all endpoints (including servers) are well-defended with dedicated anti-ransomware protection.
  • Have an incident response plan in place and tested for when things go wrong.
  • Have good backups and practice restoring data regularly.
  • Companies need around-the-clock monitoring and detection. If they do not have the resources in-house for this, they can work with a trusted managed detection and response (MDR) provider.

Data for the State of Ransomware 2025 report comes from a vendor-agnostic survey of 3,400 IT and cybersecurity leaders in organizations that were hit by ransomware in the previous year. Organizations surveyed ranged from 100 – 5,000 employees and across 17 countries. The survey was conducted between January and March 2025, and respondents were asked about their experience of ransomware over the previous 12 months.
Sophos will be releasing additional industry findings throughout the year.

About Sophos

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at

Best password managers 2025: Free and paid apps and extensions, tried and tested

The Independent

25-06-2025


Password manager FAQs

Where are my passwords stored?

Password managers keep passwords stored in a 'vault' that can only be opened using the combination of secret key and master password the first time you log in from a new device. It can then be opened using only the master password on subsequent attempts on the device. Many password managers also feature a companion app for iPhones or Android devices, using biometric information such as fingerprint scanners or facial recognition services to quickly log in to other apps. When logging in to a social media site, the password manager will pop up and ask for your face or fingerprint – log in, and it will automatically fill your name, password and any other necessary information. Some premium password managers offer different 'vaults' for family or businesses, meaning you can keep certain passwords private while sharing others safely with those who need them.

How do I switch password managers?

Many password managers have a tool that enables you to export data for use on another site. This usually means downloading the data as a CSV file – a type of spreadsheet file – and importing it into another service.

Are password managers safe?

As well as the aforementioned master password and the secret key – a long string of information unique to your account and very difficult to copy – password manager services keep your information encrypted using high-measure protocols, so, if a malicious individual accessed the company servers, the only data they would be able to gain would be unintelligible to them. Moreover, while these hackers have a range of tools at their disposal to try and get your personal information, companies can add behind-the-scenes prevention methods, such as phishing nets, to stop you unintentionally giving away personal data, and keylogger prevention that stops software from tracking your keystrokes and working out your password from that.
Hackers have also been known to recreate browsers to deceive users, so these companies can also block their auto-filling service on websites that have not been digitally signed by the correct developer – something that hackers would struggle to recreate.

The verdict: Password managers

If you're just starting out, Bitwarden is the best free password manager. It's open source, works across all your devices, and supports passkeys too. For most people, the free tier is more than enough, but you can always upgrade for extras like file storage and secure sharing.

Willing to pay? 1Password is the best overall. It's secure and packed with loads of useful features like travel mode, breach alerts and shared vaults. If you prefer something more privacy-focused, Proton Pass is a close second, with open-source credentials, built-in 2FA and unlimited email aliases for hiding your identity online.

Tonga's health system hit by cyberattack

RNZ News

20-06-2025


A team of Australian cyber experts flew to Tonga this week after the country's National Health Information System was breached, leading to a demand for payment from the hackers.

Talanoa O Tonga reports the Health Minister Dr ʻAna ʻAkauʻola saying the system has been shut down, and staff are handling data manually. Dr ʻAkauʻola said that hackers encrypted the system and demanded payment, but she has assured MPs "the hackers won't damage the information" on the system.

This system was introduced in 2019 with Asian Development Bank (ADB) support to digitise Tonga's health records before going "live" in 2021.

Police Minister Paula Piukala was critical of past governments for ignoring warnings that Tonga's digital infrastructure is not fully prepared for these threats.

Journalist Sifa Pomana said the hackers are demanding millions of dollars, according to Tonga Police. Residents are being urged to bring essential records to the hospital to help with manual record-keeping.
