Question

What are the type(s) of cybersecurity issues that encryption may not be able to solve?

Answer 1

Encryption and decryption is a part of cryptography and cryptography does not solve security problems, it just solves data access restrictions. Security is a whole concept of its own and encryption is just a small part of it. Which means, if a piece of data was easily accessible to the attacker before encryption, encrypting it would not transform the problem in any way. The attacker just needs to move and change the angle of attack a bit to find the weakest link. Some types of issues which cannot be solved by encryption are:

Insider threat: Encryption is as good as securing the credentials which is used to access the data. So, an insider only has to tweak the credentials of the administrators who have access to the encrypted data. Also, if someone knows the type of encryption being used, or the key which is being used, encryption can be nullified and the attacker gets full access to the data. A classic example of this are the activities of Edward Snowden.

Attacks on system integrity: Malware and virus attacks are integrity attacks, and irrespective of the encryption technique used, if there is no integrity in the system, the attacker will be successful in leaking the information. An example of this attack is the Target compromise where the end result was loss of customer credit card data.It was not caused by the lack of encryption, but because of a compromise of the machine reader software, database configuration and security layer components.

Misplacing the encryption key: Encryption requires a key to encrypt and decrypt the file. Encryption cannot secure the data if someone misplaces the key and the lost data can never be recovered. Moreover, if a third party or an attacker gets hold of the key, he can directly use the key to decrypt the encrypted data and get access to sensitive information.