Firms feel vulnerable to encrypted threats despite spending billions on cyber security
24 February 2016 |
CIOs admit to wasting billions on cyber security solutions that still leave them blind to new threats, according to the results of a new survey of global IT leaders.
A report from Venafi and Vanson Bourne has shown that CIOs feel vulnerable because the layered security defence tools they rely on “blindly trust” keys and certificates.
Due to this, 90 per cent expect to suffer an incident in which encrypted traffic is used to hide an attack – a potentially lucrative route for cyber criminals when 87 per cent of CIOs believe their defences are less effective as they cannot inspect encrypted traffic for threats.
Meanwhile, 86 per cent of those surveyed believe stolen encryption keys and digital certificates will become the next big market for hackers.
And nearly eight in ten say their core strategies to accelerate IT and innovation are in jeopardy because these initiatives introduce new vulnerabilities.
“Keys and certificates are the foundation of cyber security, authenticating system connections and telling us if software and devices are doing what they are meant to,” said Kevin Bocek, vice president for threat intelligence and security strategy at Venafi.
“If this foundation collapses, we’re in serious trouble. With a compromised, stolen or forged key and certificate, attackers can impersonate, surveil and monitor their targets’ websites, infrastructure, clouds and mobile devices and decrypt communications thought to be private.”
95 per cent of the CIOs surveyed said they are worried about how they will manage and protect encryption keys and certificates in light of Encryption Everywhere plans.
Research from last year showed that nearly two thirds of firms are worried that unsecured keys and certificates are losing them customers.
Meanwhile, businesses were found not to be taking action on untrustworthy keys.