Cyber attackers are increasingly using encryption to hide their activities, but nearly a quarter of security professionals admit they are blind to this threat, a survey has revealed.
Security firm Venafi polled 1,540 information security pros about their organisations’ capability to defend against threats hiding in encrypted communications.
Some 23% said they had no idea how much of their encrypted traffic was decrypted and inspected, and 17% said they did not know how much of their traffic was encrypted.
However, 41% said they encrypted at least 70% of their internal network traffic, and 57% said they encrypted 70% or more of their external web traffic, indicating that the proportion of encrypted traffic flowing into and out of organisations is growing.
Another Venafi survey of security pros in February 2017 revealed that recent political events had made them more concerned about privacy and, as a result, 66% said their organisations were looking to increase their use of encryption. However, only 29% said they were “90% confident” in their organisations’ ability to secure and protect encrypted communication.
Encryption is critical to the world’s digital economy because of the fundamental role it plays in protecting data privacy, but Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption also reduces the effectiveness of enterprise defence in depth, according to Gartner, because network controls cannot inspect what they cannot decrypt, exposing endpoints to threats carried in both inbound and outbound traffic.
Malware is already using SSL to remain under the radar of network security systems, and with increasing use of encryption online, Gartner believes this trend is likely to expand rapidly.
An August 2016 study by A10 Networks and the Ponemon Institute found that malware in nearly half of cyber attacks in the preceding 12 months had been sneaked into organisations under the cover of encryption.
Gartner predicts that in 2017, more than half the network attacks targeting enterprises will use encrypted traffic to bypass controls to sneak malware into organisations and exfiltrate data undetected.
“Encryption offers the perfect cover for cyber criminals,” said Kevin Bocek, chief security strategist at Venafi. “It is alarming that almost one in four security professionals does not know if his or her organisation is looking for threats hiding in encrypted traffic.
“It is clear that most IT and security professionals do not realise the security technologies they depend on to protect their business are useless against the increasing number of attacks hiding in encrypted traffic.”
The survey also revealed that many security pros are potentially over-confident in their ability to detect cyber attacks.
According to the 2017 Mandiant M-Trends report, the average time it takes to detect a cyber attack is 99 days. Despite this, 20% of respondents to the Venafi survey believed they could detect and respond to a cyber attack within a day, and 41% said they could detect and respond to a cyber attack hidden in encrypted traffic within a week, even though only 19% said they decrypted and inspected all their encrypted traffic.
“Although the vast majority of the respondents inspect and decrypt a small percentage of their internal encrypted traffic, they still believe they can quickly remediate a cyber attack hidden in encrypted traffic,” said Bocek.
“The problem is that attackers lurking in encrypted traffic make quick responses even more difficult. This is especially true for organisations without mature inbound, cross-network and outbound inspection capabilities.
“This over-confidence makes it very clear that most security professionals don’t have the strategies necessary to protect against malicious encrypted traffic.”