Sponsor: Venafi

Most alarming threat to security professional in 2015 is a Cryptoapocalypse: a discovered cryptographic weakness that becomes the ultimate weapon, allowing websites, payment transactions, stock trades, and government to be spoofed or surveilled (term was coined by researches presenting their findings at Black Hat 2013).

This is the second part of the Ponemon Institute’s 2015 Cost of Failed Trust Report, which reveals the damaging impacts on global business from unprotected cryptographic keys and digital certificates. This new report reveals that most companies lose customers, suffer costly outages, fail audits, and experience breaches due to unprotected and poorly managed keys and certificates.

Many security systems now perform high speed SSL/TLS decryption. But these systems cannot decrypt traffic if they don’t have access to keys and certificates. To eliminate blind spots in encrypted traffic, you need to secure your keys and certificates. Otherwise, your other security controls become less effective and leave the door open to cybercriminals.

SSH is a cryptographic security protocol used to connect administrators and machines. While SSH keys are often used to secure access to the most sensitive systems and data, there is usually little awareness or policy enforcement in place around their use. If you don’t know which administrator or SSH key has access to which servers, your IT environment may already be at risk.

Venafi automates, streamlines, and validates your PKI refresh, scaling to hundreds of thousands of keys and certificates. And with automated integration across hundreds of applications, devices and CAs, you can deliver policy-enforced replacement or remediation of certificates in just minutes.

Advanced Persistent Threat (APT) operators have proven they can breach enterprises like yours by undermining your critical security controls when you fail to protect digital certificates and cryptographic keys. Not securing all of your keys and certificates enables cybercriminals to bypass controls like threat detection, data protection, firewalls, VPNs, DLP, privileged access, and authentication systems that you expect will mitigate threats.

Your organization, like so many others, is most likely increasing its use of SSL/TLS to protect sensitive data and reduce risk. To accomplish this, organizations rely on digital certificates to enable encryption and authenticate communications for customers, partners, and employees. These digital certificates are also used to secure machine-to-machine authentication and mobile applications.

Using the recently released Venafi TrustNet certificate reputation service, the Venafi Labs team re-evaluated SSL/TLS vulnerabilities in Q1 2015 and found that most Global 2000 organizations have failed to completely remediate Heartbleed—now a full year after the vulnerability was first publicly disclosed.

This leaves these organizations vulnerable to cyberattacks, future brand damage, and intellectual property loss. In one oft-cited incident, Community Health Systems was breached by the Chinese APT 18 group, who exploited incomplete Heartbleed remediation and unprotected keys to steal data on 4.5 million patients.