Reclaiming Control Over Trust

by Jeff Hudson, CEO, Venafi


Hardening Starts with Trust

Enterprises face a daily barrage of targeted and persistent attacks, and cyber criminals are increasingly
preying on the foundation of online trust: digital certificates and encryption keys. Without effective
control over this trust, organizations’ networks are easily infiltrated, allowing criminals to evade
multiple layers of security and steal valuable IP.


How big is the problem of compromised digital certificates and encryption keys?

Digital certificates and encryption keys provide the foundation of trust in the modern world of online
payments. When enterprises fail to establish control of these trust technologies, they risk high financial
loss.


A recent report by Ponemon Institute underwritten by Venafi, 2013 Annual Cost of Failed Trust Report:
Threats & Attacks, established that every Global 2000 organization is at risk of losing $398 million due to
poor trust management. That being said, 51 percent of the organizations that participated in the survey on
which the report was based admitted that they don’t know how many certificates and keys they have.
The report also revealed that, on average, a Global 2000 company has 17,807 keys and certificates.


If you take into account that AV-Test handles 200,000 new pieces of malicious sample code per day, plus
the fact that the CCSS forum has seen 600% year-over-year growth in malware attacks using stolen keys and
certificates (most of them VeriSign), the problem is very large.


What are examples of attacks on trust and what is at risk?


All respondents to the Ponemon survey had suffered at least one trust attack due to management
failures in the last two years. Examples of such attacks include SSH key theft, man-in-the-middle attacks,
phishing attacks, cryptographic key theft and weak cryptographic exploits.


Ponemon research revealed that man-in-the-middle and phishing attacks are expected to cost
organizations an average of $73,250,825 in the next 24 months. Server cryptographic key theft was
estimated to cost organizations an average of $124,489,384 over that same time period, while weak
cryptographic exploits were estimated to cost $124,617,926. The most alarming key and certificate
management threat was an SSH compromise.









5 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide