Joe Marsella, CTO EMEA, Ciena
Joe Marsella, CTO EMEA, Ciena

Not a week goes by without news of high profile cyber-attacks hitting all kinds of organisations, including banks, telcos and social media platforms. These events cause major data breaches and leave customers reeling from having their privacy comprised.  Last year alone, nearly 300 million records and US$1 billion (£800 million) dollars was stolen through cyber-attacks, including medical files, bank details and social security information. Loss of such information seriously damages a corporation's bottom line and reputation. It can also expose highly sensitive information about customers who trust these corporations to protect their privacy.

Preventing data breaches is a pressing problem for companies in Europe that are preparing for the formal adoption of General Data Protection Regulation (GDPR) in May 2018. The regulation will mean firms can face crippling fines of up to four percent of global revenue if customer data is leaked as a result of weak security postures.

The pressure to become GDPR compliant has led to 37 percent of companies deploying encryption strategies across their enterprises. However, this is not enough if organisations are to truly protect themselves. Many strategies are incomplete, focusing only on data that is at rest within a company's servers or in the cloud. This creates a systems vulnerability when sensitive corporate data is transferred from one server or device to another. It means that encrypting data in-flight between locations is mission-critical.

Fibre optic cables carry huge volumes of traffic across the world, from consumers streaming the latest TV series to hospital trusts sharing confidential patient information. Yet these cables are often easily accessible and unprotected. Many are clearly marked to reduce accidental fibre cuts, making them an open target for hackers.

Historically, companies have viewed the protection of cables and the data they carry as unnecessary preferring to trust protection to higher layer applications. Fibre was difficult to reach and the technology to tap into it prohibitively expensive. However, in recent years this has changed. Tapping equipment has become cheap and easy to access. Indeed, anyone can shop online for the tools needed to divert data from the fibre. Tutorial videos are available online to teach those with malicious intensions how to steal sensitive data.

The worst part of a data breach from fibre is that it can happen without the provider even noticing. An operator might observe some errors or a loss on the optical line but will not notice that in-flight data is being intercepted. As a result, a network could be compromised for a long time without detection with terabits of unencrypted information falling into the wrong hands for days, weeks or even months.

To ensure the protection of eco-systems across the board, firms need to deploy certified in-flight encryption solutions. Not only does it camouflage data traffic so it cannot be interpreted or altered, it can also result in efficiencies for a business overall. By encrypting at the lowest level, the optical transport layer, companies can ensure that all data is safeguarded without the need for multiple application-specific solutions. These are time-consuming, add service latency and increase the overall risk of some data leaving the premises un-protected.

With data breaches showing no signs of slowing down and GDPR imminent, companies can no longer ignore the threat of cyber-attacks or unsecured data. A comprehensive IT security approach, which includes protection and encryption of both data at rest and in-flight, will significantly reduce the number of business-critical breaches in the years to come.

Contributed by Joe Marsella, CTO EMEA, Ciena