POST Online Media Lite Edition



 

CIOs wasting millions on cybersecurity that doesn't work half of the time

Staff writer |
Venafi presented the findings of a global survey of 500 CIOs conducted by Vanson Bourne about the prevalence and business impact of failed IT security.

Article continues below






The survey found overwhelming consensus among IT executives that the foundation of cybersecurity—cryptographic keys and digital certificates—is being left unprotected, leaving enterprises blind, in chaos, and unable to defend their businesses.

CIOs acknowledge they are wasting millions of dollars on layered security defences because these tools blindly trust keys and certificates—unable to differentiate between which keys and certificates should be trusted and which shouldn't.

With Gartner predicting that 50% of network attacks will come over SSL/TLS this means popular security systems like FireEye will only work half of the time. And CIOs recognize that this chaos is jeopardizing their most strategic plans to build Fast IT organizations around DevOps.

87% of CIOs believe their security defences are less effective since they can't inspect encrypted network traffic for attacks. 90% of CIOs have or expect to suffer from an attack in which encrypted traffic is used to hide the attack.

86% of CIOs think stolen encryption keys and digital certificates will be the next big market for hackers. 79% of CIOs agree that their core strategy to accelerate IT and innovation is in jeopardy because these initiatives introduce new vulnerabilities.

Deployed technologies like endpoint protection, advanced threat protection, next generation firewalls, behavioural analytics, intrusion detection systems (IDS) and data loss prevention (DLP) are fundamentally flawed because they cannot determine which keys and certificates are good or bad, friend or foe.

As a result, one consequence is that they are unable to inspect the vast majority of encrypted network traffic. This leaves gaping holes in enterprise security defences.

Cybercriminals are taking advantage of these security blind spots and are using unprotected keys and certificates to hide in encrypted traffic and circumvent security controls.


What to read next

Banking industry still lags on cybersecurity
Cybersecurity is top concern on paper, reality is different
Spending on cybersecurity is approaching $70 billion per year