Today, Venafi released a report based on survey findings and analysis, "IT Security Professionals Know the Risk of Untrusted Certificates and Issuers, but Do Nothing." The survey was conducted at Black Hat USA 2015 and gathered responses from over 300 IT security professionals. As the title suggests, the report reveals that security professionals know the risks associated with untrusted certificates, including compromises of certificate authorities (CAs), but they are not currently taking steps to protect themselves and do not have remediation mechanisms in place to mitigate a future CA compromise effectively.
Why is it important to understand and respond to threats that use untrusted certificates? The report highlights how cybercriminals are increasingly misusing keys and certificates to breach organizations, elevate their privileges, and hide their activity. And although they may know the risks, most organizations are unprepared to defend against these attacks.
Here are a couple of survey responses that indicate that security professionals are aware of the risks associated with untrusted certificates and compromised CAs:
Although security professionals understand the types of threats that can result from misused certificates, they do not grasp the extent of their risk exposure.
Perhaps because they lack insight into the extent of their risk, security professionals aren't taking action against current threats or establishing incident response plans that will protect them in the future when a leading CA is compromised.
What should organizations do to protect themselves? Read the report for a three-point recommendation plan on how to reduce the risk and impact of fraudulent issuance and misuse of certificates. The report concludes by saying we should take a lesson from nature and use the Immune System for the Internet™ to identify good versus bad, friend versus foe, to defend against the misuse of keys and certificates.
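One concrete building block of any such remediation plan is the ability to answer, on the day a CA is compromised, which of your deployed certificates chain to it and therefore need to be revoked and reissued. The Go program below is an added illustration from the editor, not code from the report or from Venafi: it constructs two hypothetical root CAs, an intermediate and three leaf certificates (the hostnames and CA names are made up), stores them in a minimal inventory, and flags every entry whose issuer chain contains the compromised CA's public key, including a leaf issued through an intermediate under that root.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// InventoryEntry is one record of a hypothetical certificate inventory:
// a leaf certificate followed by the issuer chain it was deployed with.
type InventoryEntry struct {
	Name  string
	Chain []*x509.Certificate // leaf first, then intermediates, then root
}

// SPKIFingerprint hashes the certificate's SubjectPublicKeyInfo. Keying on the
// public key rather than the subject name separates the compromised CA key from
// a re-keyed successor CA that keeps the same distinguished name.
func SPKIFingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// AffectedByCA returns the names of inventory entries whose issuer chain contains
// the CA (root or intermediate) with the given SPKI fingerprint. These are the
// certificates that must be revoked and reissued from a trusted CA.
func AffectedByCA(inv []InventoryEntry, compromisedSPKI string) []string {
	var affected []string
	for _, e := range inv {
		for _, issuer := range e.Chain[1:] { // skip the leaf itself
			if SPKIFingerprint(issuer) == compromisedSPKI {
				affected = append(affected, e.Name)
				break
			}
		}
	}
	return affected
}

var serial int64

// issue signs tmpl with signer; a nil parent produces a self-signed root.
// Everything issued here is constructed test data, not real CA material.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	serial++
	tmpl.SerialNumber = big.NewInt(serial)
	tmpl.NotBefore = time.Now().Add(-time.Hour)
	tmpl.NotAfter = time.Now().Add(24 * time.Hour)
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func caTemplate(cn string) *x509.Certificate {
	return &x509.Certificate{
		Subject:               pkix.Name{CommonName: cn},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

func leafTemplate(host string) *x509.Certificate {
	return &x509.Certificate{
		Subject:     pkix.Name{CommonName: host},
		DNSNames:    []string{host},
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// BuildSampleInventory constructs two roots, one intermediate and three leaves
// (hypothetical names) and returns the inventory plus the SPKI fingerprint of
// the root we treat as compromised.
func BuildSampleInventory() ([]InventoryEntry, string) {
	badKey, goodKey, intKey := newKey(), newKey(), newKey()
	badRoot := issue(caTemplate("Example Root CA 1 (compromised)"), nil, &badKey.PublicKey, badKey)
	goodRoot := issue(caTemplate("Example Root CA 2"), nil, &goodKey.PublicKey, goodKey)
	intermediate := issue(caTemplate("Example Issuing CA"), badRoot, &intKey.PublicKey, badKey)

	api := issue(leafTemplate("api.example.test"), badRoot, &newKey().PublicKey, badKey)
	mail := issue(leafTemplate("mail.example.test"), intermediate, &newKey().PublicKey, intKey)
	www := issue(leafTemplate("www.example.test"), goodRoot, &newKey().PublicKey, goodKey)

	inv := []InventoryEntry{
		{"api.example.test", []*x509.Certificate{api, badRoot}},
		{"mail.example.test", []*x509.Certificate{mail, intermediate, badRoot}},
		{"www.example.test", []*x509.Certificate{www, goodRoot}},
	}
	return inv, SPKIFingerprint(badRoot)
}

func main() {
	inv, compromised := BuildSampleInventory()
	fmt.Println("compromised CA SPKI:", compromised)
	for _, name := range AffectedByCA(inv, compromised) {
		fmt.Println("reissue:", name)
	}
}
```

Running it lists api.example.test and mail.example.test for reissuance and leaves www.example.test alone. The point of matching on the CA's public key rather than its name is that after a compromise the CA operator typically re-keys under the same distinguished name; an inventory keyed on names cannot tell the two apart, whereas the SPKI hash can. In a real deployment the inventory would be populated from discovered endpoints and key stores rather than constructed in code.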
What are your thoughts on these survey results? Is your organization prepared for the next CA compromise? How do you remediate when your certificates and keys are misused by cybercriminals?