According to a Venafi survey conducted at RSA Conference 2017, 23 percent of respondents have no idea how much of their encrypted traffic is decrypted and inspected.
“Encryption offers the perfect cover for cyber criminals,” said Kevin Bocek, chief security strategist for Venafi. “It’s alarming that almost one out of four security professionals doesn’t know if his or her organization is looking for threats hiding in encrypted traffic. It’s clear that most IT and security professionals don’t realize the security technologies they depend on to protect their business are useless against the increasing number of attacks hiding in encrypted traffic.”
- According to the 2017 Mandiant M-Trends report, the average time it takes to detect a cyber attack is 99 days, but 41 percent of respondents to the Venafi survey believe they can detect and respond to a cyber attack hidden in encrypted traffic within one week. Additionally, 20 percent believe they can detect and respond to a cyber attack within one day.
- A surprising number of respondents (41 percent) say they encrypt at least 70 percent of their internal network traffic; 57 percent say they encrypt 70 percent or more of their external web traffic.
- Almost one fifth (19 percent) of the respondents said they decrypt and inspect all of their encrypted traffic.
Encryption is critical to the world’s digital economy because of the fundamental role it plays in protecting data privacy. However, as the use of encryption explodes, cybercriminals are finding ways to hide attacks inside encrypted traffic; a recent study from A10 Networks found that 41 percent of cyber attacks used encryption to evade detection.
“Although the vast majority of the respondents inspect and decrypt a small percentage of their internal encrypted traffic, they still believe they can quickly remediate a cyber attack hidden in encrypted traffic,” Bocek continued. “The problem is that attackers lurking in encrypted traffic make quick responses even more difficult. This is especially true for organizations without mature inbound, cross-network, and outbound inspection programs. This overconfidence makes it very clear that most security professionals don’t have the strategies necessary to protect against malicious encrypted traffic.”