With the widespread use of the internet and the ease with which information can be accessed in today’s world, data security is the primary concern of technology leaders. Unauthorized access to data can lead to data breaches, which could be devastating for companies and individuals. Service discontinuity caused by a system breach has the potential to severely and irrevocably disrupt business in the form of financial and reputational damage. Therefore, there is a growing need for companies and individuals alike to implement data security through various measures, with data encryption, hashing, and tokenization being the frontrunners in this vertical.
Encryption and Hashing – A Bird’s-Eye View
Encryption is the process by which algorithms convert data into a string of characters called ciphertext, which is transmitted to the receiving party. Once received, the ciphertext is decrypted with a decryption key. There are many types of encryption algorithms, which all involve different ways of scrambling and then retrieving information. In general, there are two types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt data. A new key is created for every transaction and must also be sent to the other party, which is risky. In asymmetric encryption, the sender uses the receiver’s public key to encrypt the data and the receiver uses their private key to decrypt it. Data cannot be decrypted without the private key. This type of encryption is used in HTTPS and Bitcoin. Interestingly, keys are designed in such a way that it is not possible to derive the decryption key even with access to the encryption key.
Hashing is a technique in cryptology where data is converted into a string of characters with a fixed length, called a hash. It’s a one-way process, meaning that you cannot retrieve the input data from a hash. This is why hashing is one of the most widely used techniques to store passwords. Even if an attacker knew the hashing algorithm for a password, it would be nearly impossible for them to extract data from a hash. This is because hash functions are designed in such a way that it is easy to go forward (find H(a) given a), but practically impossible to go backward (find a given H(a)). How is this possible? Well, consider this – what’s easier, factorizing 851 or multiplying 23 and 37? It’s easier to do multiplication, especially for a computer, as it’s a straightforward and quick process. In fact, this mechanism forms the basis of some hashing algorithms like RSA. Other popular hashing algorithms include MD5, SHA1, and SHA2.
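The password-storage use described above, as an added example that is not part of the original article: each password gets a random salt and is run through PBKDF2-HMAC-SHA256 from Python's standard library, and verification re-derives the hash and compares it in constant time. The iteration count, salt length and record format are assumptions of this example; a deliberately slow, salted function is used because a single fast digest makes password guessing cheap for anyone who obtains the stored hashes.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; none of them come from the article.
ALGORITHM = "sha256"
ITERATIONS = 600_000   # work factor: makes each password guess expensive
SALT_BYTES = 16        # random salt, unique per stored password


def hash_password(password: str) -> str:
    """Return a storable record: scheme$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_{ALGORITHM}${ITERATIONS}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash from the candidate password and compare it.

    The stored hash is never reversed; the check only goes forward.
    """
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        prefix, algorithm = scheme.split("_", 1)
        if prefix != "pbkdf2":
            raise ValueError("unsupported scheme")
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            algorithm, password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or unsupported record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong guess", record))                   # False
```

Because the salt is random, hashing the same password twice yields two different records, yet both verify; the hash field is always 64 hex characters regardless of password length.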
Considering the current developments in communication and IT systems, companies should deem data security a top priority, with the principles of the CIA (confidentiality, integrity, and availability) triad as a framework. Data security technologies are among the central pillars of cyber risk mitigation. Stakeholder interest and investment need to reflect this by financing initiatives in pursuit of a robust, hygienic, and healthy cyber security posture.