Ron Zayas, CEO of Ironwall, tackles a sobering question: why do attackers keep harvesting encrypted data—and why are organizations so complacent about it?

Zayas notes that it’s not just “foreign” apps scooping up information; domestic platforms often collect just as much. The real issue is that organizations and individuals alike have adopted a mindset that encryption equals safety. Once data is encrypted, the assumption is that it’s no longer a valuable target. Attackers know better.

The reality is that adversaries don’t need immediate access. They stockpile encrypted data today with the expectation that tomorrow’s computing advances—whether through stronger GPUs, distributed cracking methods, or eventually quantum computing—may unlock it. Even without decryption, metadata alone can offer significant intelligence: who is communicating, how often, and from where.

Zayas stresses that the problem stems from a lack of visibility and a culture of misplaced trust. Too often, organizations treat data protection as a checkbox, without considering how that data might be exploited down the line. The result is a dangerous blind spot: sensitive information gets collected, encrypted, and stored indefinitely, creating a treasure trove for attackers who are playing the long game.

The conversation highlights the need for better data hygiene: minimize collection, limit retention, and apply zero-trust principles to the entire data lifecycle. Encryption should be seen as one layer of defense—not a license to assume information is permanently safe.

The key message: adversaries are patient, resourceful, and willing to wait years for today’s encrypted files to become tomorrow’s exposed secrets. Treating encryption as the end of the security story leaves organizations vulnerable to exactly that outcome.