Cyber attacks on trust expose UK organizations to £247 million in losses reveals Ponemon and Venafi research

Mismanagement of millions of cryptographic keys and digital certificates threatens security and operations of UK businesses.

  • 11 years ago Posted in

Venafi and the Ponemon Institute reveal that every large UK businesses is open to £247million in possible threat exposure due to a lack of control over cryptographic keys and certificates, the foundation of trust in the modern world of secure communications, smartphones, cloud computing and almost every digital and electronic asset.


Organisations face ever-increasing challenges with trust exploits. With advanced persistent threats (APTs), bad actors are taking advantage of every exploit and look for the weakest link in security systems. Common, well-known vulnerabilities like digitally signed malware, poor key and certificate management and weak cryptographic methods remain in many enterprises. Despite over half (51%) of UK organisations admitting that they know these to be major security issues, few are taking action. Failure to manage certificates and keys creates vulnerabilities that cybercriminals leverage to breach enterprise networks, steal data and IP and disrupt critical business operations. Every UK organisation in the survey had faced at least one of these attacks over the last 2 years.


“With every business and government department across the UK relying on cryptographic keys and certificates in order to operate, failure to manage just one can result in serious attacks or unplanned system outages, says Calum Macleod, Venafi EMEA Evangelist. “Criminals understand how difficult it is to control trust, and by failing to have the correct controls in place to manage or secure certificates and keys, businesses have opened themselves up to risk on a daily basis.”


Today the typical Global 20000 organisation has an average of 17,807 certificates and keys deployed across its infrastructure. Within the UK Fortune 500, there are likely five or six million keys and certificates in use at any one time, which creates a significant target for attack and renders manual management untenable.


The survey also highlights that 61% of UK respondents don’t know how many keys or certificates are currently in use across their infrastructure. This identifies a worrying trend that whilst half of respondents know the security impact of certificate mismanagement, the same amount (half) have no idea how many certificates are currently in action.


Macleod continues “It is extremely concerning to know that so many businesses are aware of the security impacts certificate and key oversight can have on a business, yet are still doing nothing to combat the problem. Unless organisations sit up and take notice of this growing problem the threat and the amount of money lost by organisations each year will only increase.”
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Palo Alto Networks has introduced Prisma® Cloud 3.0, said to be the industry’s first integrated...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...