Businesses risk losing customers

The Ponemon Institute and Venafi have released new data from the 2015 Cost of Failed Trust Report, on the inherent risk and direct business impact from unsecured cryptographic keys and digital certificates on Global organizations.

  • 9 years ago Posted in
The newly released data from a survey of over 2,300 global IT security professionals reveals how the growing dependence on the digital trust provided by keys and certificates correlates directly to an increased loss of customers, costly outages, failed audits and security breaches. The security risks dwarf the availability and compliance risks nearly 5 to 1, with $53 million over the next 2 years in security risks compared $7.2 million in combined compliance and availability business risks.
 
As a result, Global enterprises are losing customers, millions in revenue and even shutting down completely. When asked how keys and certificates became a challenge for their businesses, 54% of those surveyed responded a lack of visibility and don’t know how many keys and certificates are deployed, where they are used, or what policies govern their use. Knowing that digital certificates have differing and short lifespans of weeks, months or years, this shows the incredible lack of policy enforcement and remediation that’s occurring internally within the information security department. 
 
“When businesses fail to properly secure and manage their keys and certificates, there is a direct financial impact with lost customers and lost revenue,” said Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi. “Every business relies on cryptographic keys and digital certificates to operate, even if they don’t realize it. That’s why it’s imperative that IT ops and IT security teams conduct regular audits to locate all the certificates and keys they are using, determine expiration dates and then put proper policies in place to avoid data breaches, unplanned outages, and failed audits.”
 
Venafi’s 2015 Cost of Failed Trust Report also revealed:
·         Unsecured keys and certificates are causing businesses to lose customers: Nearly two-thirds (59%) admitted to losing customers because they failed to secure the online trust established by keys and certificates.
·         Business systems are failing: An average of over 2 certificate-related unplanned outages have been reported per organization over the last 2 years. Over the last 2 years, every business has failed one or more SSL/TLS audits and one or more SSH audits.
·         The risk continues—at great cost: Our reliance on keys and certificates continues to grow with their increased use for SSL/TLS as well as mobile, WiFi, and VPN access, and the explosion of Internet of Things (IoT) devices. This increased reliance causes a dramatic increase in risk for availability, compliance, and security. However, the amount of risk is not equal across these areas—security risk at $53 million over the next 2 years dwarfs availability and compliance risk, which totals $7.2 million.
·         Challenges must be addressed: Over half (54%) admitted to a lack of visibility and a lack of policy enforcement and remediation for keys and certificates. Organizations must address these challenges which underlie the security, availability, and compliance risks caused by unsecure keys and certificates.
 
“We hope this report will help Global 5000 security and executive teams realize the major risk that expired cryptographic keys and digital certificates are posing to the enterprise,” said Jeff Hudson, CEO, Venafi. “With keys and certificates broadly deployed and so integral to the future of business growth, this data is pointing to a symptom of a larger security issue - if you can’t manage your keys and certificates then you can’t protect them and you’re living in a world without trust. That’s why Venafi provides the Immune System for the Internet - we help Global 5000 enterprises everywhere find, manage and protect their keys and certificates, which are increasingly being targeted by cyber criminals for misuse.”
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Trend Micro has released new research detailing the murky cybercrime supply chain behind much of...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...
State of Industrial Cybersecurity report reveals only 21% of organizations achieved full maturity...