Encryption is a critical component of our digital economy. It plays a fundamental role in protecting our privacy and our commerce, especially as we face unpredictable geopolitical situations. Unfortunately, cyber criminals are finding ways to hide attacks inside the very encrypted traffic that is designed to protect our privacy. This will only get worse as the drive for encryption continues to explodes: a recent study from A10 Networks found that 41 percent of cyber attacks used encryption to evade detection.
How successful are organizations in responding to these evolving cyber risks? During RSA Conference 2017, Venafi conducted a survey to see how security professionals defend themselves against threats hiding in encrypted communications. Over 1540 attendees participated in the survey, and unfortunately, the investigation revealed major protection gaps.
Interesting highlights from the survey included the following:
- Nearly a quarter of the respondents (23%) had no idea how much of their encrypted traffic was decrypted and inspected.
- 41 percent of respondents thought they could detect and respond to a cyber attack hidden in encrypted traffic within one week. Additionally, 20 percent believed they could detect and respond to a cyber attack within one day.
- According to the 2017 Mandiant M-Trends report, the average time it takes to detect a cyber attack is 99 days.
- According to the 2017 Mandiant M-Trends report, the average time it takes to detect a cyber attack is 99 days.
- A surprising number of respondents (41 percent) said they encrypted at least 70 percent of their internal network traffic; 57 percent said they encrypted 70 percent or more of their external web traffic.
Kevin Bocek, chief security strategist for Venafi, provided his thoughts on the survey results: “Encryption offers the perfect cover for cyber criminals. It’s alarming that almost one out of four security professionals doesn’t know if his or her organization is looking for threats hiding in encrypted traffic. It’s clear that most IT and security professionals don’t realize how these blind spots impact the security technologies they depend on to protect their business. Without the proper visibility, many of these security solutions are useless against the increasing number of attacks hiding in encrypted traffic.”
Most of the respondents believed they could quickly remediate a cyber attack hidden in their encrypted traffic, despite only inspecting and decrypting a small percentage of their internal traffic. “The problem is that attackers lurking in encrypted traffic make quick responses even more difficult,” said Bocek. “This is especially true for organizations without mature inbound, cross-network, and outbound inspection programs. This overconfidence makes it very clear that most security professionals don’t have the strategies necessary to protect against malicious encrypted traffic.”
Ultimately, organizations must understand that additional tools and protocols are needed to effectively protect their encrypted traffic.
How confident are you? Are you taking the steps necessary to protect yourself from cyber attackers hidden in encrypted traffic?