CIOs wasting millions on cybersecurity that doesn't work half of the time
The survey found overwhelming consensus among IT executives that the foundation of cybersecurity—cryptographic keys and digital certificates—is being left unprotected, leaving enterprises blind, in chaos, and unable to defend their businesses.
CIOs acknowledge they are wasting millions of dollars on layered security defences because these tools blindly trust keys and certificates and cannot differentiate between those that should be trusted and those that shouldn't.
With Gartner predicting that 50% of network attacks will come over SSL/TLS, popular security systems like FireEye will only work half of the time. And CIOs recognize that this chaos is jeopardizing their most strategic plans to build Fast IT organizations around DevOps.
87% of CIOs believe their security defences are less effective since they can't inspect encrypted network traffic for attacks. 90% of CIOs have suffered or expect to suffer from an attack in which encrypted traffic is used to hide the attack.
86% of CIOs think stolen encryption keys and digital certificates will be the next big market for hackers. 79% of CIOs agree that their core strategy to accelerate IT and innovation is in jeopardy because these initiatives introduce new vulnerabilities.
Deployed technologies like endpoint protection, advanced threat protection, next generation firewalls, behavioural analytics, intrusion detection systems (IDS) and data loss prevention (DLP) are fundamentally flawed because they cannot determine which keys and certificates are good or bad, friend or foe.
One consequence is that they are unable to inspect the vast majority of encrypted network traffic. This leaves gaping holes in enterprise security defences.
Cybercriminals are taking advantage of these security blind spots and are using unprotected keys and certificates to hide in encrypted traffic and circumvent security controls. ■