New Ponemon Report Reveals Businesses Are Losing Customers Due to Unprotected Keys and Certificates
Availability, Compliance, and Security Risks Increase Dramatically; Certificate-Related Outages Cost $15M Per Incident with $53M in Security Risk Over 2 Years
SALT LAKE CITY, Sept. 30, 2015 /PRNewswire/ -- The Ponemon Institute and Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, today released new data on the direct business impact on global organizations from unsecured cryptographic keys and digital certificates in the 2015 Cost of Failed Trust Report: When Trust Online Breaks, Businesses Lose Customers. The newly released data from a survey of over 2,300 global IT security professionals reveals how unprotected and poorly managed keys and certificates result in a loss of customers, costly outages, failed audits, and security breaches.
To view a full copy of the report, please visit: Venafi.com/BrokenTrust
Earlier this year, the Ponemon Institute and Venafi published research on the risks global businesses face from attacks using keys and certificates in the 2015 Cost of Failed Trust Report: Trust Online is at the Breaking Point. Consensus among global survey participants from Australia, France, Germany, UK, and the US was that the system of online trust was at the breaking point. Unpublished data from the survey is now available in this new report that shows businesses around the globe are suffering the damaging impacts of unsecured keys and certificates.
- When trust online breaks, businesses lose customers: Nearly two-thirds (59%) of respondents admitted to losing customers because they failed to secure the online trust established by keys and certificates, with an average cost of $15 million per outage.
- Critical business systems are failing: An average of over 2 certificate-related unplanned outages have been reported per organization over the last 2 years.
- Businesses are failing audits: On average, organizations failed at least one SSL/TLS audit and at least one SSH audit within the last 2 years.
"When businesses fail to properly secure and manage their keys and certificates, there is a direct financial impact with lost customers and lost revenue," said Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi. "Every business relies on the trust provided by keys and certificates to operate, even if they don't realize it. That's why it's imperative that IT ops and IT security teams conduct regular audits to locate all the certificates and keys they are using, determine expiration dates, and then put proper policies in place to avoid data breaches, unplanned outages, and failed audits."
From online banking and mobile applications to the Internet of Things, everything IP-based depends upon a key and certificate to create a trusted connection, and our reliance on keys and certificates continues to grow with increased use for SSL/TLS, as well as mobile, WiFi, and VPN access. This increased reliance causes a dramatic increase in risk for availability, compliance, and security. However, the amount of risk is not equal across these areas—the security risks dwarf the availability and compliance risks nearly 7 to 1, with $53 million over the next 2 years in security risk compared to $7.2 million in combined compliance and availability business risks.
When asked about the challenges of protecting and managing keys and certificates, 54% of the IT security professionals surveyed said they don't know how many keys they have, where they are located, or how they are used. This is up from 50% two years ago. However, most security analysts believe this number to be grossly underestimated. Similarly, 54% said they lack policy enforcement and remediation for keys and certificates. Organizations must address these challenges which underlie the security, availability, and compliance risks caused by unsecure keys and certificates.
"We hope this report will help IT security and executive teams realize the major risk that unprotected and poorly managed cryptographic keys and digital certificates are posing to enterprises," said Larry Ponemon, Chairman and Founder of The Ponemon Institute. "Keys and certificates are broadly deployed and are critical for creating trusted connections and securing businesses. It's clear that this report data underscores a symptom of a larger security problem — if you don't know where your keys and certificates are, can't continuously monitor them, and are unable to automate their secure lifecycle, then you simply can't protect them. Ultimately, this is why online trust is broken."
About Ponemon Institute
Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.
About Venafi
Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity—cryptographic keys and digital certificates—so they can't be misused by bad guys in attacks. In today's connected world, cybercriminals want to gain trusted status and remain undetected, which makes keys and certificates a prime target. Unfortunately, most security systems blindly trust keys and certificates, allowing bad guys to use them to hide in encrypted traffic, spoof websites, deploy malware, and steal data. As the Immune System for the Internet, Venafi patrols across the network, on devices, behind the firewall, and throughout the internet to determine which SSL/TLS, SSH, WiFi, VPN and mobile keys and certificates are trusted, protects those that should be trusted, and fixes or blocks those that are not.
As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP) and a Gartner-recognized Cool Vendor, the Venafi Trust Protection Platform™ protects keys and certificates and eliminates blind spots from threats hidden in encrypted traffic. As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™, Venafi TrustForce™, and Venafi TrustNet™ help organizations know what's trusted and "self" in order to regain control over keys and certificates on mobile devices, applications, virtual machines and network devices and out in the cloud. From stopping certificate-based outages to enabling SSL inspection, Venafi creates an ever-evolving, intelligent response that protects your network, business, and brand. Venafi Threat Center also provides primary research and threat intelligence for attacks on keys and certificates.
Venafi is the market leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures and unplanned outages.
Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, retail, insurance, healthcare, telecommunications, aerospace, manufacturing, and high tech. Today Venafi protects four of the top five U.S. banks, eight of the top U.S. 10 health insurance companies and four of the top seven U.S. retailers. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Intel Capital, Origin Partners, Pelion Venture Partners, QuestMark Partners, and Silver Lake Partners. For more information, visit www.venafi.com.
SOURCE Venafi
Related Links
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article