Today, the Ponemon Institute and Venafi released the 2015 Cost of Failed Trust Report, the first update to the 2013 study and the only global research to analyze the impact of attacks on the system of Internet trust established by cryptographic keys and digital certificates. You can download your copy of the report and see the research highlights in the infographic included below.
What many may find surprising is that for the fourth consecutive year, every organization that participated in the survey – 100 percent of more than 2,300 IT security professionals from the U.S., United Kingdom, Australia, France, and Germany – reported that they had responded to multiple attacks on keys and certificates in the past two years.
The report’s findings show that IT security professionals believe we’re at a breaking point: more than half of the respondents reported that the technology behind the online trust their business requires to operate is in jeopardy.
These concerns about trust online are hardly surprising given that some of the largest and most dangerous breaches to date – Heartbleed, Community Health Systems, Dark Hotel, and more – have involved the keys and certificates that are required to establish trust. In just the last few months we’ve seen multiple abuses of keys and certificates via the Lenovo/Superfish certificate authority debacle and the FREAK vulnerability – and those incidents hadn’t even been reported yet when this research was completed in January 2015. No doubt the sense of urgency for regaining trust is now greater than ever before. And with stolen certificates now fetching almost $1,000 on the black market, CISOs and other IT professionals can be assured that this problem will only continue to grow.