HTTPS is supposed to be a good thing, right? It secures web traffic. It flags unsafe sites. And it safeguards privacy. But can relying solely on these benefits leave us with a false sense of security? Adam Levin explores questions such as this in a recent article on Inc.com, where he advises businesses that “hackers have discovered that HTTPS is tailor-made for cloaking their cyber attacks.” He goes on to point out that they can misuse HTTPS to bypass security controls such as firewalls, sandboxes, and behavior analytics—all tools that are “designed to detect and neutralize malicious traffic.”
How widespread is this type of problem? A recent study, published by the Ponemon Institute and A10 Networks, revealed that 51% of the organizations surveyed expect network attackers to increase their use of encryption over the coming year. 41% of those who had already experienced an attack in the past year said that attackers had used encryption to evade detection and steal data.
In the Inc.com article, Kevin Bocek, chief security strategist at Venafi, comments on the overall lack of preparedness. "Sadly enterprise spending on sexy security systems is completely ineffective to detect this kind of malicious activity," He goes on to highlight the serious consequences, noting that "a cyber criminal using encrypted traffic is given a free pass by a wide range of sophisticated, state-of-the-art security controls."
Read the rest of the Inc.com article to learn more about technologies that can help your organization prepare to defend against attacks that hide in encrypted traffic.