Research by the Ponemon Institute found that the digital trust which underpins most of the world’s economy is nearing the breaking point—with no replacement in sight. For four years running, 100% of the organizations surveyed have responded to multiple attacks on keys and certificates, which enterprises use to establish digital trust in their data centers, applications, clouds and on mobile devices.
• Learn why enterprises are vulnerable to trust-based attacks
• Discover which types of attacks present the greatest risk and largest impact
• See the estimated total possible financial impact ($597M, up nearly 50% from 2013) as well as the amount of risk per organization over the next two years
Trust Online is at the Breaking Point
1. TRUST ONLINE
IS AT THE BREAKING POINT
The trust established by cryptographic
keys and digital certificates is in jeopardy
2. 58% OF COMPANIES
Need to better secure
and protect their keys
and certificates
60% OF IT SECURITY TEAMS
Believe their organization needs to
better respond to vulnerabilities
involving keys and certificates
3. 100% ATTACKED
All survey respondents reported that they have responded to attacks
using keys and certificates within the last 2 years—
this is a costly problem that is just getting worse.
WHAT’S THE RESULT?
4. $597M TOTAL IMPACT
Total possible impact per
organization for all attacks
UP 50% FROM 2013
$53M RISK OF ATTACK
Over the next 2 years per
organization
2015 - $53M
2013 - $35M
UP 51%
Risk = Probability of attack x total impact
$398M
5. 2,394 RESPONDENTS
In Global 5,000 Organizations
Australia: 336
France: 339
Germany: 574
UK: 499
United States: 646
WHO DID WE ASK?
7. 23,922 KEYS & CERTIFICATES
On average per company
UP 34% FROM 2013
$1000 PRICE TAG
For a stolen
certificate in the
underground
marketplace
WHAT CAUSES THIS RISK?
8. 54% OF ORGANIZATIONS ARE UNAWARE
Most organizations do not know
where all keys and certificates are located
UP FROM
50% IN 2013
9. CRYPTOAPOCALYPSE
Most alarming threat to security professionals in 2015 is a
Cryptoapocalypse: a discovered cryptographic weakness
that becomes the ultimate weapon, allowing websites,
payment transactions, stock trades, and governments to
be spoofed or surveilled (term was coined by researchers
presenting their findings at Black Hat 2013).1
1. Stamos, Alex, et al. Blackhat USA 2013. Preparing for the Cryptopocalypse. July 2013.
WHAT ARE THE MOST ALARMING THREATS?
10. GREATEST RISK
$22M Weak cryptographic exploit
$11M Mobility certificate misuse
$8.4M Code-signing certificate misuse
$6.5M MITM attacks
$3.1M SSH key misuse
$1.9M Server certificate misuse
LARGEST IMPACT
$126M Mobility certificate misuse
$114M Weak cryptographic exploit
$102M Code-signing certificate misuse
$93M SSH key theft
$90M MITM attacks
$73M Server certificate misuse
11. THREAT TO MOBILE LOOMS LARGE
Enterprise mobility certificates—
used with WiFi, VPN, and MDM/EMM
$11M - #2 Greatest Risk
$126M - #1 Largest Impact
12. HALF OF IT SECURITY PROFESSIONALS BELIEVE
• Trust established by keys and certificates is in jeopardy
• The way we create trust is broken
• Gartner is right, “Certificates can no longer be blindly trusted”2
2. Gartner. Maverick Research: Living in a World Without Trust: When IT’s Supply Chain Integrity and Online Infrastructure Get Pwned. Gartner Doc: G00238476. October 5, 2012.
TRUST IS IN JEOPARDY
13. 4 RECOMMENDATIONS FOR SECURITY TEAMS
(1) Know what’s being used: find all keys and certificates
(2) Establish what should be trusted: enforce policy, automate security
(3) Always know what’s trusted, what’s not: continuously monitor, check reputation for all
(4) Remediate what’s not trusted: fix and replace vulnerable keys and certificates
14. Protecting the trust established by keys and
certificates must be a security priority
Read the full report, 2015 Cost of Failed Trust Report
Venafi.com/FailedTrust
KEYS & CERTIFICATES MUST BE BETTER SECURED & PROTECTED