A newly recently report, entitled “First Annual Cost of Failed Trust Report: Threats and Attacks”, has just been released. This report presents research from the Ponemon Institute and was underwritten by Venafi. The objective of this report is to provide the first extensive examination of how failure to control trust (in IT security keys and certificates) in the face of new and evolving threats is placing all global enterprises at risk.
Every business and government relies on cryptographic keys and certificates to provide trust for critical electronic communications. These technologies underpin the modern world of card payments, online shopping, smartphones and cloud computing. But, unlike when trust could be measured in terms of locks, safes and security cameras, today executives little understand how truly fragile trust is when it comes to these critical areas of operations. The fact is that only a few kilobytes of cryptographic data is all that stands in the way of potentially millions of dollars in sales, grounded airplanes and closed borders.
Very often businesses’ inability to detect such attacks on this trust, or to even take action(s) if they do, makes this targeted area all the more attractive and appealing to those criminals who do now understand the level of fragility in organization’s abilities to control trust has become.
This report attempts to quantify the global financial impact of not addressing this risk management challenge.
Some of the key findings from the research done in this report reveal at least the following:
- Eighteen percent (18%) of enterprises interviewed expect to fall prey to attacks due to using weak legacy cryptography over the next two (2) years.
- All global enterprises surveyed have been impacted by their inability to control this area of trust.
- This vast potential problem cannot be handled manually.
- Fifty-one percent (51%) of global organizations do not know exactly how many keys and certificates they have in their infrastructures.
- The average number of server keys and certificates in global organizations is 17,807.
- The estimate of total cost of exposure to these attacks for all Global 2000 organizations is $ 398 million (U.S. dollars)
- These attack and threats are the most expensive key risk management failure which is easily preventable.
- Organizations surveyed believe that attacks on Secure Shell (SSH) keys –the basic technology used to establish trust and connections with cloud services –present the most alarming threat arising from failure to control and monitor levels of trust in your organization’s keys and certificates.
For this report, the Ponemon Institute surveyed 2,342 respondents from within a Global 2000 community of businesses.
Click here to read this report.
If applicable, please pass this information along to those information security and risk and/or disaster preparedness team members in your organization.