Mozilla has announced that over half of web traffic is now encrypted, for the first time. As this is some landmark for internet security – it shows that user privacy can now be expected as standard. Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi commented below.
Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi:
“Since Snowden’s revelations on government surveillance, the Internet has moved to keep more private and safe, as today’s news shows. But, attempting solve one of the world’s most important problems has brought unintended consequences. The security systems designed to defend businesses were destined for a world with little encryption. Encryption creates tunnels that can’t be examined unless a business is prepared. This quickly creates huge blindspots in organisation’s defences, meaning that the millions spent on cyber security and detection tools could become redundant, unless businesses find a way to shine a light in there and monitor what is happening.”
“Cybercriminals around the world know this. Research has shown that 85% of CIOs are concerned that attackers are increasingly hiding in encrypted traffic, and they are right to be concerned. Security experts believe that 70% of future attacks will use the encryption we’ve put in place to protect us.”
“At the heart of this is the fact that encryption is underpinned by cryptographic keys and digital certificates, which provide identity and access management for machines – much like biometrics and passwords do for humans. If your cyber defences do not have access to the right keys and certificates, then they can’t look in encrypted tunnels, making them useless. Yet the industry is largely failing to wake up to this danger. The only way to safely implement encryption is to maintain control – you need to make sure the security system have access to the keys they require to inspect your traffic for threats. This requires automation that industry still must catch up on. So while encryption and privacy are clearly on the agenda at the moment, our lack of preparedness means that we’re wasting millions and actually making it easier for bad guys.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.