What is encryption and where is it relevant in a cyber security professional’s job?
- Rajinder Singh
- Nov 19, 2024
Encryption is the process of converting plaintext into unreadable ciphertext using a mathematical algorithm and an encryption key. Encryption is reversible, which means ciphertext can be converted back into plaintext. Its purpose is to protect data from unauthorized access or modification so that it is accessible only to authorized parties.
Take the case of World War 2: the Germans used the Enigma machine to encrypt all their communications, and it was described as unbreakable. A team of Polish and British codebreakers, led by Alan Turing, was able to crack the code. This allowed them to read German military communications and provided valuable intelligence to the Allies.
Take the case of WhatsApp: when a user sends a message, it is encrypted, and the encryption keys are generated on the user's device and are not stored on WhatsApp's servers. The receiver’s device then uses the same encryption keys to decrypt the message, ensuring that only the intended receiver can read it. To prevent Man-in-the-Middle (MITM) attacks, WhatsApp uses end-to-end encryption by default. This makes it very difficult for anyone, including WhatsApp or any other third party, to intercept and read the messages being sent between users.
Here are some examples of where encryption is relevant in a cyber security professional’s job:
Network Security - To prevent eavesdropping on and tampering with data, encryption is used to transmit data securely over networks.
Web Security - Web communications are secured using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to protect online shopping, banking and other sensitive transactions.
Data Storage - Most of our data is stored on devices such as USB drives, hard drives and cloud storage. Encryption ensures that the data cannot be accessed by unauthorized parties.
Compliance - Encryption is a requirement for compliance with industry regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS).
As a cyber security professional, one has to identify where old encryption methods are used. In such cases, even if an organization has a robust security architecture, an attacker might still be able to decipher encrypted messages or data, compromising confidentiality.
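One way to start identifying old encryption methods is to scan web server configuration for outdated SSL/TLS protocol versions and cipher keywords. The following is an added example, not part of the original post; it assumes nginx-style `ssl_protocols` and `ssl_ciphers` directives, the lists of legacy names are an assumed policy, and the sample configuration is constructed.

```python
import re

# Assumed policy list: protocol versions and cipher keywords treated as obsolete.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
LEGACY_CIPHER_WORDS = ("RC4", "3DES", "DES", "MD5", "NULL", "EXPORT")

# Constructed sample in nginx syntax; not taken from any real host.
SAMPLE_CONFIG = """\
server {
    ssl_protocols SSLv3 TLSv1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:DES-CBC3-SHA:!MD5;
}
server {
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:!aNULL:!RC4;
}
"""

DIRECTIVE = re.compile(r"^\s*(ssl_protocols|ssl_ciphers)\s+([^;#]+);")

def legacy_cipher_reason(cipher):
    """Return the legacy keyword found in one cipher-list entry, or None."""
    if cipher[:1] in ("!", "-"):   # exclusions remove ciphers, so they are not findings
        return None
    parts = cipher.upper().split("-")
    if "CBC3" in parts:            # OpenSSL names Triple DES suites DES-CBC3-*
        return "3DES"
    for word in LEGACY_CIPHER_WORDS:
        if any(p.endswith(word) for p in parts):   # endswith also catches aNULL/eNULL
            return word
    return None

def audit(config_text):
    """Return (line_number, directive, value, reason) for each legacy setting."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if m and m.group(1) == "ssl_protocols":
            for proto in m.group(2).split():
                if proto in LEGACY_PROTOCOLS:
                    findings.append((lineno, "ssl_protocols", proto, "deprecated protocol"))
        elif m:
            for cipher in m.group(2).strip().split(":"):
                reason = legacy_cipher_reason(cipher.strip())
                if reason:
                    findings.append((lineno, "ssl_ciphers", cipher.strip(), reason))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Entries prefixed with `!` or `-` are exclusions, so the second server block produces no findings even though it names RC4 and aNULL.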