IT executives overwhelmingly agree that they have a fundamental flaw in their cybersecurity strategies. Research shows organizations are not protecting the technology that determines if software, devices, clouds, and applications are good or bad, friend or foe—cryptographic keys and digital certificates. This gap allows cybercriminals to use these unprotected keys and certificates in half of network attacks to hide their actions and bypass security controls.
Ultimately, this undermines costly security investments, which are expected to total $83 billion in 2016, leaving the Global 5000 blind to these threats and unable to defend their businesses.
As organizations layer security controls to protect their business, 90% of CIOs admit to wasting millions on inadequate cybersecurity. Why? Keys and certificates—the foundation of cybersecurity that determines if software, devices, clouds, and applications are good or bad, friend or foe—are being left unmanaged and unprotected. The bad guys are taking advantage of this fatal flaw in enterprises’ security foundation and using keys and certificates to hide their actions and circumvent security controls.
Organizations are implementing IT initiatives such as Fast IT, DevOps, and Encryption Everywhere strategies, which are responsible for exponential growth in the amount of software and an increase in encrypted traffic of nearly 100%. These initiatives are causing a dramatic rise in the number of keys and certificates, up 34% between 2013 and 2015, with over 23,000 keys and certificates in today’s average enterprise. And 54% of IT security professionals admit to not knowing where all of their keys and certificates are located, who owns them, or how they are used. The result is chaos and compounded risk exposure, which jeopardizes the success of these strategic plans and exposes businesses to attacks.