247 Detectives

Please Call NOW 0845 520 4121 / 07017 411 007


1st Call Detectives Blog


Encrypting malware: a new war

by Josef Kafka

Imagine if Amazon was hacked. Someone initiates a payment on the system but, instead of providing payment information, sends the system malware, encrypted to avoid detection. Say Amazon hadn't been expecting this kind of hack and so doesn't inspect incoming encrypted information. The malware then begins to send information back, still undetected. The next day, someone somewhere would have millions and millions of legitimate credit cards and personal information about the cardholders. Purchases could be made across the globe before anyone ever realised that their information had been taken from the Amazon site.

This is now a very real threat companies are facing: the use of encryption technology to disguise malware, facilitating attacks. Hackers are getting smarter. Yahoo's compromised server was likely hit with malware disguised with encryption. Yahoo has 500 million users worldwide, and thus the magnitude of the hack was immense and very concerning given the amount of information we keep on email these days.

Why encrypt traffic? 

Roughly one-third of all internet traffic is encrypted. Encryption is used for everything, including Skype, messaging applications and email accounts, and by companies like Netflix. Facebook, Twitter and LinkedIn all use SSL but have been targeted previously and have inadvertently leaked data as a result.

Sites like Wired.com have this month encrypted all traffic going to and from their servers. This means that no one wishing to sabotage the site can modify the content on it or lift any information customers input on their site, such as email addresses. 

The necessity for encrypting all confidential information was laid bare by successful high-profile hacks like those performed on Ashley Madison and LinkedIn this year. Whole databases of customers and their login information were released to the public. It would seem the companies themselves were not using ciphers to store information or, if they were, the ciphers were somewhat simple.

According to a new report by A10 Networks and Ponemon Institute, hackers are increasingly using encryption to hide malware, enabling it to sneak undetected into systems. In some cases, it has been found hidden in the system for up to five years! It is ironic that the software that was built to secure confidential personal data is being used to disguise malware attacks.

They also found that 75% of survey respondents reported they were completely unprepared to detect this encrypted malware. Companies should be looking at decrypting and inspecting all traffic cloaked in SSL.

Detection has one drawback, however: it slows network performance.

It is thought around 50% of all cyber attacks are perpetrated with the use of SSL encryption technology.

So what are the best types of encryption technology available?

• Blowfish/Twofish: Blowfish jumbles messages up and codes them. Blowfish and its successor Twofish are free to use and regarded as among the best on the market.

• Secure Sockets Layer (SSL) cryptography: SSL is one of the most commonly used forms of encryption technology, protecting data, such as payment information on sites like Amazon, en route from server to web browsers.

• HTTPS: This is the standard HTTP protocol with an extra layer of encryption on top. Google and Facebook both now use the HTTPS protocol. It is based on a newer technology, Transport Layer Security, that has largely superseded SSL. A large number of sites now use this technology to encrypt, at the very least, their login page.

• Advanced Encryption Standard (AES): AES is the encryption service used by the US Government, as well as a number of organisations worldwide. AES uses large keys of between 192 and 256 bits for heavy-duty encryption purposes. A 256-bit cipher would be difficult to decode, except by someone attacking it with brute force.

What can you do right now to avert such an attack? Firstly, if you are storing customer information, use a cipher to protect those details from sabotage. That way, if a hacker did gain access, it would be a little more difficult for them to get information. Secondly, improve your security. Protect your customers and your business will do well. It may cost more but it is worth it.
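One way to carry out the first recommendation above, as an added example that is not part of the original article: each stored customer field is encrypted with AES-256 in GCM mode using Node's built-in `crypto` module, so a stolen database yields only ciphertext and any altered value fails to decrypt. The function names, the `cust-…` identifiers and the sample card number are constructed for illustration, and the key is assumed to live in a separate secrets store.

```javascript
const crypto = require('node:crypto');

// Assumption: in production the 256-bit key comes from a KMS or secrets
// manager, never from source code or the database that holds the data.
function newKey() {
  return crypto.randomBytes(32); // 32 bytes = 256-bit AES key
}

// Encrypt one field. customerId is bound in as additional authenticated data
// (AAD), so a ciphertext copied onto another customer's row will not decrypt.
function encryptField(key, customerId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(customerId), 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte integrity tag
  // Stored form: iv || tag || ciphertext, base64-encoded for a text column.
  return Buffer.concat([iv, tag, ct]).toString('base64');
}

// Decrypt one field. Returns null if the value was altered, truncated,
// moved to a different customer, or encrypted under a different key.
function decryptField(key, customerId, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) return null; // too short to hold iv + tag
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(Buffer.from(String(customerId), 'utf8'));
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed: treat the record as tampered
  }
}

// Constructed sample record (a well-known test card number, not real data).
const demoKey = newKey();
const demoStored = encryptField(demoKey, 'cust-1001', '4111 1111 1111 1111');
console.log(demoStored);                                       // base64 ciphertext
console.log(decryptField(demoKey, 'cust-1001', demoStored));   // original value
console.log(decryptField(demoKey, 'cust-2002', demoStored));   // null: wrong row
```

A `null` result from `decryptField` is worth logging and alerting on, since it means a stored value no longer matches what the application wrote.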

Cyber attacks evolve with the times and it is important that businesses stay ahead of the curve. Doing so will have a knock-on effect on convenience and things will take a little longer, but the benefits outweigh the risks.

The single most important thing you can do today is look at integrating a decoding system into your server, which can decode all incoming encrypted information. This can sift through the information and determine whether any of it is malicious. It could save you millions. Hackers are getting smarter, but so too are businesses.

  • © All rights reserved 2014 '1st Call Detectives'