In the 21st century, there’s probably one certainty in life beyond death and taxes: cybercriminals will use what we’ve trusted against us. From email to online banking, cybercriminals hijack what we trust. In a new study, Forrester concludes that cybercriminals have added new weapons to their arsenal: cryptographic keys and digital certificates. In doing so, they’ve converted what is supposed to create security and trust into a powerful attack weapon. Download your copy of this new study, Attacks on Trust: Cybercriminal’s New Weapon, to learn more.
Because of the demonstrated capabilities that compromised keys and certificates give adversaries, new security systems, like next-generation threat protection systems, prove of little help in thwarting attacks, since criminals take on trusted status. These conclusions echo Venafi’s analysis looking back over the last 16 years of weaponization by the cybercriminal community.
Forrester’s study identifies new insights including:
Forrester finds that:
“There is simply a lack of visibility and control over the hundreds and thousands of keys and certificates responsible for creating the confidence and security in today’s modern world that we’ve all taken for granted.”
And the problem is of our own doing.
“The risk established by this gap wouldn’t be tolerated elsewhere today. No CISO could consider having tens of thousands of unknown network ports open and have no way to control them.”
How serious is the problem then? Forrester concludes that it’s one of the most serious facing enterprises today:
“This gap enables a situation that is every attacker’s dream: 1) The enterprise has no visibility into the problem, and 2) the enterprise has no controls to respond to an attack. Basically, the enterprise is a sitting duck.”
How can IT security teams fight back against an “attacker’s dream” that leaves every enterprise a “sitting duck”? Forrester recommends 4 goals that enterprises should and can achieve. Getting these right is important today, but Forrester believes it will be even more important in the future:
“As cloud services and user mobility increase, there will be new and expanding use cases for cryptographic keys and digital certificates. With this increased dependency, the surface area of attack for every government and business also increases. Your future — the trust in and control over your cloud services, mobile devices, and data — depends upon how you secure keys and certificates.”