Encryption
Definition
Encryption is the process of converting readable data (plaintext) into unreadable data (ciphertext) using a mathematical algorithm and a cryptographic key. Only parties with the correct key can decrypt the data. Encryption forms the foundation of modern digital security, protecting billions of transactions, messages and files daily worldwide.
How does encryption work?
In encryption, data is encoded with an algorithm and a key. Only those with the correct decryption key can recover the original data. The strength of encryption depends on the algorithm, key length and implementation. Modern encryption algorithms such as AES-256 are considered unbreakable with current computing power.
Types of encryption
Symmetric encryption uses the same key for encryption and decryption. AES (Advanced Encryption Standard) is the most widely used symmetric standard. Advantage: fast and efficient. Disadvantage: both parties must securely exchange the key.
Asymmetric encryption uses a key pair: a public key to encrypt and a private key to decrypt. RSA and elliptic curve cryptography (ECC) are common asymmetric algorithms.
End-to-end encryption (E2EE) encrypts data on the sender's device and decrypts only on the receiver's device. No intermediary, including the service provider, can read the data.
Hashing is technically not encryption but a one-way function converting data into a fixed-length hash, used for password storage and integrity checking.
Impact on organisations
Encryption is not optional but a requirement. GDPR explicitly names encryption as an appropriate technical measure for protecting personal data. With encrypted data, the breach notification obligation may be waived if it can be demonstrated that data is inaccessible to unauthorised parties. NIS2 requires appropriate security measures including encryption. PCI DSS mandates encryption of payment card data in storage and transit. The emergence of quantum computing poses a future threat to current encryption algorithms: post-quantum cryptography is being developed in preparation.
Protection
Encrypt data at rest and data in transit. Use proven standards: AES-256 for symmetric, RSA-2048 or ECC for asymmetric. Manage cryptographic keys securely via a Key Management System. Implement TLS 1.3 for all network connections. Avoid deprecated algorithms such as DES, RC4 and MD5.
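The check below is an added example, not DEFION's code: it audits a TLS endpoint configuration against the guidance above (TLS 1.3 minimum; no DES, RC4 or MD5) and builds a client context that enforces TLS 1.3. The config dictionary layout, the function names and the sample configs are assumptions made for illustration.

```python
import re
import ssl

# Algorithms the Protection section lists as deprecated.
DEPRECATED = ("DES", "RC4", "MD5")


def deprecated_in(cipher_name):
    """Return deprecated algorithms named in an OpenSSL- or IANA-style suite name."""
    # Split on separators so "AES256" or "SHA384" never match by substring.
    tokens = re.split(r"[-_]", cipher_name.upper())
    hits = []
    for algo in DEPRECATED:
        # Assumption of this example: 3DES and export DES (DES40) count as DES.
        pattern = r"3?DES\d*" if algo == "DES" else re.escape(algo)
        if any(re.fullmatch(pattern, tok) for tok in tokens):
            hits.append(algo)
    return hits


def audit(config):
    """Check one endpoint config (hypothetical dict layout) against the guidance."""
    findings = []
    if config["min_tls"] < ssl.TLSVersion.TLSv1_3:
        findings.append(f"minimum protocol {config['min_tls'].name} is below TLS 1.3")
    for name in config["ciphers"]:
        for algo in deprecated_in(name):
            findings.append(f"{name}: uses deprecated {algo}")
    return findings


def hardened_client_context():
    """Client context that verifies certificates and refuses anything below TLS 1.3."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


# Constructed sample configs, not taken from any real system.
LEGACY = {"min_tls": ssl.TLSVersion.TLSv1,
          "ciphers": ["RC4-MD5", "DES-CBC3-SHA", "ECDHE-RSA-AES256-GCM-SHA384"]}
MODERN = {"min_tls": ssl.TLSVersion.TLSv1_3, "ciphers": ["TLS_AES_256_GCM_SHA384"]}

if __name__ == "__main__":
    for label, cfg in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit(cfg) or "no findings")
    print(hardened_client_context().minimum_version.name)
```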
How DEFION helps
DEFION evaluates encryption implementation as part of Security Assessments and pentests. Code Security Reviews assess whether cryptography is correctly implemented in applications. The advisory team assists in establishing robust encryption and key management policies.