A joint study carried out by the technology leader in application networking, A10 Networks and in partnership with the Ponemon Institute has found that the high risk of cyber-attacks to financial services, healthcare and other industries stems from the growing reliance on encryption technology.
The study, ‘Hidden Threats in Encrypted Traffic: A Study of North America & EMEA’, surveyed 1,023 IT security practitioners in Europe and North America, highlighting the increasing challenges these professionals face in the fight to prevent and detect attacks on encrypted traffic in and out of their organisations’ networks.
Nearly half of respondents (47 per cent) cited a lack of enabling security tools as the primary reason for not inspecting decrypted web traffic; closely followed by 45 per cent stating insufficient resources and degradation of network performance. However, 80 per cent claimed their organisations have previously been victims of cyber-attacks during the last 12 months, and nearly half say that the attackers used encryption to evade detection.
Director of cyber operations at A10 Networks, Dr. Chase Cunningham, said: “IT decision makers need to think more strategically. The bad guys are looking for ROI just like the good guys, and they don’t want to work too hard to get it. Instead of focusing on doing everything right 100 percent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available. It’s the cyber security equivalent of the zombie marathon — as long as you can avoid being the slowest in outrunning the zombies, you minimise risk.”
Although the study pinpoints that 75 per cent of survey respondents say their networks are at risk from malware hidden inside encrypted traffic, an estimated two-thirds admitted their company is ‘unprepared’ to detect malicious SSL traffic; leaving them vulnerable to costly data breaches and the loss of intellectual property.