Skip to main content
banner image
venafi logo

National Cyber Security Awareness Month: Celebration Concludes, Challenges Remain

National Cyber Security Awareness Month: Celebration Concludes, Challenges Remain

November 7, 2016 | Scott Carter

As we look back all the positive attention generated by National Cyber Security Awareness Month, we see some areas that still deserve more focus. Exploits using keys and certificates are one of the fastest growing threat vectors. Yet, surprisingly, many organizations do not realize the impact that managing keys and certificates can have on their security risk posture. 

While experiencing unprecedented growth, driven largely by the steady increase of encrypted traffic, keys and certificates are not generating a proportionate level of attention. Granted, most organizations acknowledge the importance of keys and certificates as a necessary element of authorization and encryption. But it’s difficult for many to think ahead to the consequences of their misuse or mismanagement. But when you frame those consequences in terms of compromises or systems outage, ears begin to prick up.

But simply acknowledging the problem doesn’t change how hard it is to keep track of the sheer number of keys and certificates organizations now have to manage. Many still have trouble creating an accurate inventory of their keys and certificates. Yet, without that visibility, it’s nearly impossible to determine if any of their keys and certificates are being misused by cybercriminals.

The privileged access that keys and certificates grant makes them a highly sought after tool of cybercriminals. They determine trust between systems, enabling secure connections and communications within your organization. When cybercriminals misuse that trust through fraudulent or rogue keys and certificates, they hit the trust jack pot. They gain access to systems and privileged information that they can misuse for their gain—and your loss.

Properly managing keys and certificates also helps increase the effectiveness of your organization’s security tools. How? If your security tools cannot access keys and certificates to inspect encrypted traffic, then you will not be able to tell how much of that traffic is legitimate. You may inadvertently be giving cybercriminals a free pass to hide in your encrypted traffic. And your security won’t be able to detect it.

It’s important to protect the weakest link to avoid this type of blind spot and the potential exploits that come with it. So as we close out National Cyber Security Awareness Month, do yourself a favor. Ask the hard questions about how secure your keys and certificates really are. Do you have a complete inventory? Do you know when they are set to expire? Do you know who has access to them? And do you know how they are being used? Then act accordingly. 

Like this blog? We think you will love this.
Featured Blog

With Rapid Rise in Funds Stolen from DeFi Protocols, Private Keys in Play

Massive heist begins with

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Scott Carter
Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more