Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today released its cyber-security and vulnerability predictions for 2013. Topping the list is the prediction that organized cybercriminals and hackers will leverage digital-certificate-based attacks to infect enterprise IT systems with state-developed malware such as Flame and Stuxnet. The results will impact business operations adversely, and could lead to data breaches and brand damage.
“Many pundits, leading media outlets and even some security experts are reporting that enterprises needn't be overly concerned about Flame and Stuxnet-style malware, citing the fact that they were executed by well-funded government intelligence and military groups whose targets were hostile nation-states and not businesses,” said Venafi CEO Jeff Hudson. “However, our view is that companies should be concerned, as the tools and techniques used to execute these types of attacks are, unfortunately, now in the hands of common criminals and rogue entities. In the coming year, such attacks are likely to increase, especially against enterprises, and are likely to result in major data breaches, unplanned outages and significant disruptions to businesses.”
Venafi bases its predictions on hard evidence, not conjecture. Earlier this year, Chevron (No. 3 in the Fortune 500 rankings) admitted that it had found the Stuxnet malware in its systems. Chevron has since publicly stated that it does not believe the U.S. government realizes how far and wide the malware has spread. Although reports indicate that the incident did not cause damage or result in data loss, it proves that digital-certificate-based attacks are no longer hypothetical or confined to state-vs.-state cyberwar scenarios.
In addition to predicting an increase in attacks on enterprises, Venafi has also researched the overall enterprise security landscape and developed a number of other predictions:
4G-driven mobility and BYOD compliance will cause security and audit nightmares -- The availability of near-desktop speed on laptops, tablets and smartphones will lead to a larger number of mobile BYOD users accessing sensitive and regulated corporate data. Organizations that do not have effective management and controls in place for BYOD and related WiFi networks and VPNs, along with their related digital certificates and encryption keys, will find themselves spiraling into a security and compliance nightmare that will result in breaches, fines and brand damage.
MD5 and other weak encryption algorithms will cause breaches -- Statistical data gathered by Venafi indicates that nearly all Global 2000 organizations have deployed weak, easily hacked, MD5-signed certificates in their environments. MD5 is the broken certificate-signing algorithm used by Microsoft that allowed hackers to bypass Microsoft security and infect thousands of computers with Flame malware. Once in place, Flame was able to gather sensitive information from the targeted devices. With nearly one out of five certificates deployed across the Global 2000 still using MD5, it is highly probable that related breaches will continue.
The cloud becomes a serious target -- The wave of regulators and cybercriminals taking aim at businesses and governments using the cloud has just begun. In the U.S., cloud providers like Amazon and Microsoft now offer compliant cloud services, including HIPAA for healthcare or FISMA for government. Their effectiveness is unproven. In the U.K., the Information Commissioner's Office (ICO) outlined a plan for protecting cloud data while complying with U.K. and European Data Protection directives. The ICO can fine organizations £500,000 per violation and states that encryption and “robust key management” are requirements for compliance. With these changes, it is clear that in 2013 regulators globally will take action against organizations that fail to protect data in the cloud.
Security budgets will rise -- All signs indicate that most IT security budgets will grow in 2013 due to the increased attention to breaches and to security teams doing a better job articulating both risk and business value. Security projects that can help accelerate strategic projects and reduce work elsewhere are certain to have the best chances of funding in 2013.
Enterprises will realize that they are responsible for ensuring trust and will develop effective continuity and recovery plans -- A series of security events over the past couple of years has shown that third-party trust providers are high-value targets for cybercriminals. Organizations know that Certificate Authorities (CAs) can be compromised and that these compromises can lead to devastating cyber attacks. With guidance from NIST and other available best practices, businesses will start to plan for the inevitable.