Skip to main content
banner image
venafi logo

National Cyber Security Awareness Month: Celebration Concludes, Challenges Remain

National Cyber Security Awareness Month: Celebration Concludes, Challenges Remain

generic_blog_banner_image
November 7, 2016 | Scott Carter

As we look back all the positive attention generated by National Cyber Security Awareness Month, we see some areas that still deserve more focus. Exploits using keys and certificates are one of the fastest growing threat vectors. Yet, surprisingly, many organizations do not realize the impact that managing keys and certificates can have on their security risk posture. 

While experiencing unprecedented growth, driven largely by the steady increase of encrypted traffic, keys and certificates are not generating a proportionate level of attention. Granted, most organizations acknowledge the importance of keys and certificates as a necessary element of authorization and encryption. But it’s difficult for many to think ahead to the consequences of their misuse or mismanagement. But when you frame those consequences in terms of compromises or systems outage, ears begin to prick up.

But simply acknowledging the problem doesn’t change how hard it is to keep track of the sheer number of keys and certificates organizations now have to manage. Many still have trouble creating an accurate inventory of their keys and certificates. Yet, without that visibility, it’s nearly impossible to determine if any of their keys and certificates are being misused by cybercriminals.

The privileged access that keys and certificates grant makes them a highly sought after tool of cybercriminals. They determine trust between systems, enabling secure connections and communications within your organization. When cybercriminals misuse that trust through fraudulent or rogue keys and certificates, they hit the trust jack pot. They gain access to systems and privileged information that they can misuse for their gain—and your loss.

Properly managing keys and certificates also helps increase the effectiveness of your organization’s security tools. How? If your security tools cannot access keys and certificates to inspect encrypted traffic, then you will not be able to tell how much of that traffic is legitimate. You may inadvertently be giving cybercriminals a free pass to hide in your encrypted traffic. And your security won’t be able to detect it.

It’s important to protect the weakest link to avoid this type of blind spot and the potential exploits that come with it. So as we close out National Cyber Security Awareness Month, do yourself a favor. Ask the hard questions about how secure your keys and certificates really are. Do you have a complete inventory? Do you know when they are set to expire? Do you know who has access to them? And do you know how they are being used? Then act accordingly. 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Déjà Vu at LinkedIn: Second TLS Certificate Expiry in 2 Years

Prepare this presentation and send it to me, once approved you can teach entire team.

Overheard at Machine Identity Protection Global Summit 2019

machine identity protection

Leaders Underscore the Critical Nature of Machine Identity Protection at Inaugural Global Summit

About the author

Scott Carter
Scott Carter

Scott Carter writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat