Welcome!

News Feed Item

CIOs Admit to Wasting Millions on Cybersecurity that Doesn't Work on Half of Attacks

New Venafi survey shows 90% of CIOs expect to be attacked because they're blind to new threats

SALT LAKE CITY, Feb. 24, 2016 /PRNewswire/ -- Venafi, the Immune System for the Internet™, announced today the findings of a global survey of 500 CIOs conducted by Vanson Bourne about the prevalence and business impact of failed IT security. The survey found overwhelming consensus among IT executives that the foundation of cybersecurity—cryptographic keys and digital certificates—is being left unprotected, leaving enterprises blind, in chaos, and unable to defend their businesses.

CIOs acknowledge they are wasting millions of dollars on layered security defences because these tools blindly trust keys and certificates—unable to differentiate between which keys and certificates should be trusted and which shouldn't. With Gartner predicting that 50% of network attacks will come over SSL/TLS this means popular security systems like FireEye will only work half of the time. And CIOs recognize that this chaos is jeopardizing their most strategic plans to build Fast IT organizations around DevOps.

Key findings include:

  • 87% of CIOs believe their security defences are less effective since they can't inspect encrypted network traffic for attacks
  • 90% of CIOs have or expect to suffer from an attack in which encrypted traffic is used to hide the attack
  • 86% of CIOs think stolen encryption keys and digital certificates will be the next big market for hackers
  • 79% of CIOs agree that their core strategy to accelerate IT and innovation is in jeopardy because these initiatives introduce new vulnerabilities

Enterprises rely on tens of thousands of keys and certificates as the foundation of trust for their websites, virtual machines, mobile devices, and cloud servers. The technology was adopted to help solve the original Internet security problem of knowing what is safe and private. From online banking, secure communications and mobile applications to the Internet of Things, everything IP-based depends upon a key and certificate to create a trusted and secure connection. But unprotected keys and certificates are being misused by cybercriminals to hide in encrypted traffic, spoof websites, deploy malware, elevate their privileges, and steal data.

Deployed technologies like endpoint protection, advanced threat protection, next generation firewalls, behavioural analytics, intrusion detection systems (IDS) and data loss prevention (DLP) are fundamentally flawed because they cannot determine which keys and certificates are good or bad, friend or foe. As a result, one consequence is that they are unable to inspect the vast majority of encrypted network traffic. This leaves gaping holes in enterprise security defences. Cybercriminals are taking advantage of these security blind spots and are using unprotected keys and certificates to hide in encrypted traffic and circumvent security controls.

Download the report: 2016 CIO Study Results – The Threat to Our Cybersecurity Foundation 

"Keys and certificates are the foundation of cybersecurity, authenticating system connections and telling us if software and devices are doing what they are meant to. If this foundation collapses, we're in serious trouble," comments Kevin Bocek, Vice President Threat Intelligence and Security Strategy at Venafi. "With a compromised, stolen, or forged key and certificate, attackers can impersonate, surveil, and monitor their targets' websites, infrastructure, clouds, and mobile devices, and decrypt communications thought to be private."

"Increasingly, the systems we've put in place to verify and establish online trust are being turned against us. Worse still, the vendors that tell us they can protect us, can't. Endpoint protection, firewalls, IDS, DLP and the like are worse than useless because they are lulling people into a false sense of security. This research shows CIOs now understand they are wasting millions because security systems like FireEye can't stop half of the attacks. Gartner predicts that by 2017, more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls; these technologies can't defend against any of that! When you consider that the market for enterprise security is worth an estimated $83 billion worldwide, that's a lot of money being wasting on solutions that can only do their jobs some of the time."

"And the public markets are efficiently reflecting a loss of confidence in cybersecurity. It's no coincidence that 90% of CIOs admit to wasting billions on inadequate cybersecurity at the same time the HACK cybersecurity fund drops by 25% since November 2015. This is well ahead of the overall market downturn with a 10% decline in the S&P500 index."

The risks from unmanaged and unprotected keys and certificates increase as their numbers grow. A recent Ponemon report reveals that the average enterprise has more than 23,000 keys and certificates, and 54% of security professionals admit to not knowing where all of their keys and certificates are located, who owns them, or how they are used. CIOs are concerned that the increase in keys and certificates to support new IT initiatives will confound the problem.

In light of Encryption Everywhere plans, driven in large part by Edward Snowden's revelations and breach of the NSA, virtually all CIOs (95%) indicated they are worried about how they will securely manage and protect all encryption keys and certificates. And as the speed of IT increases—creating and decommissioning services based on elastic needs—keys and certificates will grow in orders of magnitude. When asked if the speed of DevOps makes it more difficult to know what is trusted or not in their organizations, 79% of CIOs said yes.

"Gartner predicts that by 2017 three out of four enterprise organizations will be moving to a bi-modal IT structure with two stream/two speed IT: one that supports existing apps that require stability and another that delivers fast IT for innovation and business-impacting projects.," said Bocek. "Yet using agile methods and introducing DevOps is an extremely high risk and chaotic endeavour. In these new environments security will always suffer and it will become virtually impossible to keep track of what can and can't be trusted."

"This is why we need an immune system for the internet," Bocek concludes. "Like a human immune system, it lets organizations know instantly which keys and certificates should be trusted and which shouldn't. With trust in keys and certificates restored, the value of a business's other security investments increases."

The research was conducted by independent market research company Vanson Bourne who surveyed a total of 500 CIOs from large enterprises from France, Germany, US and the UK.

About Vanson Bourne
Vanson Bourne is an independent specialist in market research for the technology sector. Our reputation for robust and credible research-based analysis is founded upon rigorous research principles and our ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit www.vansonbourne.com.

About Venafi
Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity—cryptographic keys and digital certificates—so they can't be misused by bad guys in attacks. In today's connected world, cybercriminals want to gain trusted status and remain undetected, which makes keys and certificates a prime target. Unfortunately, most security systems blindly trust keys and certificates, allowing bad guys to use them to hide in encrypted traffic, spoof websites, deploy malware, and steal data. As the Immune System for the Internet, Venafi patrols across the network, on devices, behind the firewall, and throughout the internet to determine which SSL/TLS, SSH, WiFi, VPN and mobile keys and certificates are trusted, protects those that should be trusted, and fixes or blocks those that are not.

As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP) and a Gartner-recognized Cool Vendor, the Venafi Trust Protection Platform™ protects keys and certificates and eliminates blind spots from threats hidden in encrypted traffic. As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™, Venafi TrustForce™, and Venafi TrustNet™ help organizations know what's trusted and "self" in order to regain control over keys and certificates on mobile devices, applications, virtual machines and network devices and out in the cloud. From stopping certificate-based outages to enabling SSL inspection, Venafi creates an ever-evolving, intelligent response that protects your network, business, and brand. Venafi Threat Center also provides primary research and threat intelligence for attacks on keys and certificates.

Venafi is the market leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures and unplanned outages.

Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, retail, insurance, healthcare, telecommunications, aerospace, manufacturing, and high tech. Today Venafi protects four of the top five U.S. banks, eight of the top U.S. 10 health insurance companies and four of the top seven U.S. retailers. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Intel Capital, Origin Partners, Pelion Venture Partners, QuestMark Partners, and Silver Lake Partners. For more information, visit www.venafi.com.

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/cios-admit-to-wasting-millions-on-cybersecurity-that-doesnt-work-on-half-of-attacks-300225208.html

SOURCE Venafi

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across supply chain networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost and time for product recall as well as advance trade. Are you curious about Blockchain and how it can provide you with new opportunities for innovation and growth? In her session at 20th Cloud Exp...
Cloud promises the agility required by today’s digital businesses. As organizations adopt cloud based infrastructures and services, their IT resources become increasingly dynamic and hybrid in nature. Managing these require modern IT operations and tools. In his session at 20th Cloud Expo, Raj Sundaram, Senior Principal Product Manager at CA Technologies, will discuss how to modernize your IT operations in order to proactively manage your hybrid cloud and IT environments. He will be sharing be...
Back in February of 2017, Andrew Clay Schafer of Pivotal tweeted the following: “seriously tho, the whole software industry is stuck on deployment when we desperately need architecture and telemetry.” Intrigue in a 140 characters. For me, I hear Andrew saying, “we’re jumping to step 5 before we’ve successfully completed steps 1-4.”
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busine...
NHK, Japan Broadcasting, will feature the upcoming @ThingsExpo Silicon Valley in a special 'Internet of Things' and smart technology documentary that will be filmed on the expo floor between November 3 to 5, 2015, in Santa Clara. NHK is the sole public TV network in Japan equivalent to the BBC in the UK and the largest in Asia with many award-winning science and technology programs. Japanese TV is producing a documentary about IoT and Smart technology and will be covering @ThingsExpo Silicon Val...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
As pervasive as cloud technology is -- and as persuasive as the arguments are for using it -- the cloud has its limits. Some companies will always have security concerns about storing data in the cloud and certain high-transaction applications will always be better suited for on-premises storage. Those statements were among the bottom-line takeaways delivered at Cloud Expo this week, a three day, bi-annual event focused on cloud technologies, adoption and associated challenges.
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search an...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.