Chances are your company, like many others, is using encryption to ensure the privacy of your data. However, as it turns out, cyber criminals have become adept at covering up breaches using the same technology, according to a study that was recently released.
In fact, encryption has been used to disguise the malware in nearly half of cyber attacks during a 12-month period, the study conducted by the Ponemon Institute and A10 Networks revealed. That’s presents a significant problem because SSL encryption allows the malware to go undetected by many security tools.
The study, which is called The Hidden Threats in Encrypted Traffic, helps organizations “better understand the risks to help them better address vulnerabilities in their networks,” said Ponemon Institute chairman Larry Ponemon.
The research included feedback from more than 1,000 IT and IT security practitioners based in the United States, Canada, Europe, Africa and the Middle East. Of those polled, 80 percent said their companies had experienced a cyber attack within the past year. About 50 percent said that encryption had been used as a way to avoid detection.
Many of the companies — about 65 percent — also said that their companies were not equipped to detect malicious SSL traffic. They cited reasons ranging from insufficient skills and resources (45 percent) to the absence of enabling security tools (47 percent).
Software-based encryption making inroads
While there are concerns about hackers using encryption, innovations are underway to advance the technology, according to ComputerWorld.com. Now that data center workloads are migrating to the cloud, there’s an increasing need to encrypt data both in motion and at rest, the report said.
As a result, more infrastructure platforms will be available with encryption that’s built in and is continuously on.