Skip to main content
banner image
venafi logo

The Cybercriminal’s New Weapon: Insights from Forrester Research Every IT Security Team Needs to Know

The Cybercriminal’s New Weapon: Insights from Forrester Research Every IT Security Team Needs to Know

August 15, 2013 | Kevin Bocek

In the 21st century, there’s probably one certainty in life beyond death and taxes: cybercriminals will use what we’ve trusted against us. From email to online banking, cybercriminals hijack what we trust. In a new study, Forrester concludes that cybercriminals have added new weapons to their arsenal: cryptographic keys and digital certificates. And in doing so, they’ve converted what is supposed to create security and trust in to a powerful attack weapon. Download your copy of this new study, Attacks on Trust: Cybercriminal’s New Weapon to learn more.


Because of the demonstrated capabilities compromised keys and certificate provide adversaries, new security systems, like next-generation threat protection systems, prove little help in thwarting attacks since criminals take on trusted status. These conclusions echo Venafi’s analysis looking back over the last 16 years of weaponization by the cybercriminal community.

Forrester’s study identifies new insights including:

  • How spending on keys and certificates ranks compared to other data security initiatives
  • How advanced threat protection (APT) investments are being prioritized
  • What is the impact to organizations by attacks on trust and are enterprises concerned

Forrester finds that:

“There is simply a lack of visibility and control over the hundreds and thousands of keys and certificates responsible for creating the confidence and security in today’s modern world that we’ve all taken for granted.”

And the problem is of our doing.

“The risk established by this gap wouldn’t be tolerated elsewhere today. No CISO could consider having tens of thousands of unknown network ports open and have no way to control them.”

How serious is the problem then? Forrester concludes that it’s one of the most serious facing enterprises today:

“This gap enables a situation that is every attacker’s dream: 1) The enterprise has no visibility into the problem, and 2) the enterprise has no controls to respond to an attack. Basically, the enterprise is a sitting duck.”

How can IT security teams can fight back against an “attacker’s dream” that leaves every enterprise a “sitting duck?” Forrester recommends 4 goals enterprise should and can achieve. Getting these right is important today, but Forrester believes even more important in the future:

“As cloud services and user mobility increase, there will be new and expanding use cases for cryptographic keys and digital certificates. With this increased dependency, the surface area of attack for every government and business also increases. Your future — the trust in and control over your cloud services, mobile devices, and data — depends upon on how you secure keys and certificates.”

Like this blog? We think you will love this.
Featured Blog

Researchers Find 3,200 Apps Exposing Twitter API Keys, Cite ‘BOT Army’ Threat

Key Findings:

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Kevin Bocek
Kevin Bocek

Kevin is Vice President of Security Strategy & Threat Intelligence at Venafi. He is recognized as a subject matter expert in threat detection, encryption, digital signatures, and key management, and has previously held positions at CipherCloud, PGP Corporation and Thales.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more