Hearts Still Bleed: Vast Majority of Global 2000 Organizations Remain Vulnerable to Heartbleed
SALT LAKE CITY, April 7, 2015 /PRNewswire/ -- Venafi, the leading provider of Next-Generation Trust Protection, today announced new research reevaluating the risk of attacks that exploit incomplete Heartbleed remediation in Global 2000 organizations.
Using Venafi TrustNet, a cloud-based certificate reputation service designed to protect enterprises from the growing threat of attacks that misuse cryptographic keys and digital certificates, Venafi Labs found that 85 percent of Global 2000 organizations' external servers remain vulnerable to cyber attacks due to Heartbleed. This leaves these organizations defenseless to brand damage and widespread intellectual property loss.
When the Heartbleed vulnerability was discovered in March 2014, many organizations scrambled to patch the bug, but failed to take all of the necessary steps to fully remediate their servers and networks. As of August 2014, 76 percent of Global 2000 organizations with public-facing systems were still vulnerable, having failed to complete remediation despite specific guidance from Gartner and other industry experts. As of April 2015, that number remains nearly unchanged at 74 percent.
"A year after Heartbleed revealed massive vulnerabilities in the foundation for global trust online, a major alarm needs to be sounded for this huge percentage of the world's largest and most valuable businesses who are still exposed to attacks like those executed against Community Health Systems," said Jeff Hudson, CEO, Venafi. "Given the danger that these vulnerabilities pose to their business, remediating risks and securing and protecting keys and certificates needs to be a top priority not only for the IT team alone, but for the CEO, BOD, and CISO."
According to the Ponemon 2015 Cost of Failed Trust Report, the risk facing every Global 5000 enterprise from attacks on keys and certificates is at least $53 million (USD) over the next two years, an increase of 51 percent from 2013. Out of the countries examined in the report, TrustNet analysis found that Australian organizations are by far the most behind in remediating Heartbleed when compared to UK, Germany, France, United States and Netherlands.
In 2014, cybercriminals used the keys and certificates that were captured via Heartbleed in the Community Health Systems breach in which APT 18, a known Chinese espionage operator, stole 4.5 million patient records. Among more than 2,300 IT security professionals surveyed in the 2015 Cost of Failed Trust research, 100 percent acknowledged having responded to at least one attack on its organization's keys and certificates in the past two years. Sixty percent of participants agreed their organizations must do a better job responding to vulnerabilities like Heartbleed involving keys and certificates.
Download the Venafi Heartbleed One Year Later Analysis (PDF) at: https://www.venafi.com/HeartsBleed/
About Venafi
Venafi is the market-leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures, and unplanned outages.
As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™ and Venafi TrustForce™ help organizations regain control over trust in the cloud, on mobile devices, applications, virtual machines, and network devices by protecting Any Key. Any Certificate. Anywhere™. Venafi prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity, and remediates errors and attacks by automatically replacing misconfigured and compromised keys and certificates. Venafi Threat Center provides primary research and threat intelligence for trust-based attacks.
Selected as a 2013 FiReStarter and Red Herring Top 100 company, Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, manufacturing, healthcare, and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners, and Origin Partners. For more information, visit www.venafi.com.
SOURCE Venafi
Related Links
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article