CIOs Admit to Wasting Millions on Cybersecurity that Doesn't Work on Half of Attacks

New Venafi survey shows 90% of CIOs expect to be attacked because they're blind to new threats

SALT LAKE CITY, Feb. 24, 2016 /PRNewswire/ -- Venafi, the Immune System for the Internet™, announced today the findings of a global survey of 500 CIOs conducted by Vanson Bourne about the prevalence and business impact of failed IT security. The survey found overwhelming consensus among IT executives that the foundation of cybersecurity—cryptographic keys and digital certificates—is being left unprotected, leaving enterprises blind, in chaos, and unable to defend their businesses.

CIOs acknowledge they are wasting millions of dollars on layered security defences because these tools blindly trust keys and certificates—unable to differentiate between which keys and certificates should be trusted and which shouldn't. With Gartner predicting that 50% of network attacks will come over SSL/TLS, this means popular security systems like FireEye will only work half of the time. And CIOs recognize that this chaos is jeopardizing their most strategic plans to build Fast IT organizations around DevOps.

Key findings include:

  • 87% of CIOs believe their security defences are less effective since they can't inspect encrypted network traffic for attacks
  • 90% of CIOs have or expect to suffer from an attack in which encrypted traffic is used to hide the attack
  • 86% of CIOs think stolen encryption keys and digital certificates will be the next big market for hackers
  • 79% of CIOs agree that their core strategy to accelerate IT and innovation is in jeopardy because these initiatives introduce new vulnerabilities

Enterprises rely on tens of thousands of keys and certificates as the foundation of trust for their websites, virtual machines, mobile devices, and cloud servers. The technology was adopted to help solve the original Internet security problem of knowing what is safe and private. From online banking, secure communications and mobile applications to the Internet of Things, everything IP-based depends upon a key and certificate to create a trusted and secure connection. But unprotected keys and certificates are being misused by cybercriminals to hide in encrypted traffic, spoof websites, deploy malware, elevate their privileges, and steal data.

Deployed technologies like endpoint protection, advanced threat protection, next generation firewalls, behavioural analytics, intrusion detection systems (IDS) and data loss prevention (DLP) are fundamentally flawed because they cannot determine which keys and certificates are good or bad, friend or foe. As a result, they are unable to inspect the vast majority of encrypted network traffic. This leaves gaping holes in enterprise security defences. Cybercriminals are taking advantage of these security blind spots and are using unprotected keys and certificates to hide in encrypted traffic and circumvent security controls.

Download the report: 2016 CIO Study Results – The Threat to Our Cybersecurity Foundation 

"Keys and certificates are the foundation of cybersecurity, authenticating system connections and telling us if software and devices are doing what they are meant to. If this foundation collapses, we're in serious trouble," comments Kevin Bocek, Vice President Threat Intelligence and Security Strategy at Venafi. "With a compromised, stolen, or forged key and certificate, attackers can impersonate, surveil, and monitor their targets' websites, infrastructure, clouds, and mobile devices, and decrypt communications thought to be private."

"Increasingly, the systems we've put in place to verify and establish online trust are being turned against us. Worse still, the vendors that tell us they can protect us, can't. Endpoint protection, firewalls, IDS, DLP and the like are worse than useless because they are lulling people into a false sense of security. This research shows CIOs now understand they are wasting millions because security systems like FireEye can't stop half of the attacks. Gartner predicts that by 2017, more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls; these technologies can't defend against any of that! When you consider that the market for enterprise security is worth an estimated $83 billion worldwide, that's a lot of money being wasted on solutions that can only do their jobs some of the time."

"And the public markets are efficiently reflecting a loss of confidence in cybersecurity. It's no coincidence that 90% of CIOs admit to wasting billions on inadequate cybersecurity at the same time the HACK cybersecurity fund drops by 25% since November 2015. This is well ahead of the overall market downturn with a 10% decline in the S&P500 index."

The risks from unmanaged and unprotected keys and certificates increase as their numbers grow. A recent Ponemon report reveals that the average enterprise has more than 23,000 keys and certificates, and 54% of security professionals admit to not knowing where all of their keys and certificates are located, who owns them, or how they are used. CIOs are concerned that the increase in keys and certificates to support new IT initiatives will confound the problem.

In light of Encryption Everywhere plans, driven in large part by Edward Snowden's revelations and breach of the NSA, virtually all CIOs (95%) indicated they are worried about how they will securely manage and protect all encryption keys and certificates. And as the speed of IT increases—creating and decommissioning services based on elastic needs—keys and certificates will grow in orders of magnitude. When asked if the speed of DevOps makes it more difficult to know what is trusted or not in their organizations, 79% of CIOs said yes.

"Gartner predicts that by 2017 three out of four enterprise organizations will be moving to a bi-modal IT structure with two stream/two speed IT: one that supports existing apps that require stability and another that delivers fast IT for innovation and business-impacting projects," said Bocek. "Yet using agile methods and introducing DevOps is an extremely high risk and chaotic endeavour. In these new environments security will always suffer and it will become virtually impossible to keep track of what can and can't be trusted."

"This is why we need an immune system for the internet," Bocek concludes. "Like a human immune system, it lets organizations know instantly which keys and certificates should be trusted and which shouldn't. With trust in keys and certificates restored, the value of a business's other security investments increases."

The research was conducted by independent market research company Vanson Bourne who surveyed a total of 500 CIOs from large enterprises from France, Germany, US and the UK.

About Vanson Bourne
Vanson Bourne is an independent specialist in market research for the technology sector. Our reputation for robust and credible research-based analysis is founded upon rigorous research principles and our ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit www.vansonbourne.com.

About Venafi
Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity—cryptographic keys and digital certificates—so they can't be misused by bad guys in attacks. In today's connected world, cybercriminals want to gain trusted status and remain undetected, which makes keys and certificates a prime target. Unfortunately, most security systems blindly trust keys and certificates, allowing bad guys to use them to hide in encrypted traffic, spoof websites, deploy malware, and steal data. As the Immune System for the Internet, Venafi patrols across the network, on devices, behind the firewall, and throughout the internet to determine which SSL/TLS, SSH, WiFi, VPN and mobile keys and certificates are trusted, protects those that should be trusted, and fixes or blocks those that are not.

As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP) and a Gartner-recognized Cool Vendor, the Venafi Trust Protection Platform™ protects keys and certificates and eliminates blind spots from threats hidden in encrypted traffic. As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™, Venafi TrustForce™, and Venafi TrustNet™ help organizations know what's trusted and "self" in order to regain control over keys and certificates on mobile devices, applications, virtual machines and network devices and out in the cloud. From stopping certificate-based outages to enabling SSL inspection, Venafi creates an ever-evolving, intelligent response that protects your network, business, and brand. Venafi Threat Center also provides primary research and threat intelligence for attacks on keys and certificates.

Venafi is the market leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures and unplanned outages.

Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, retail, insurance, healthcare, telecommunications, aerospace, manufacturing, and high tech. Today Venafi protects four of the top five U.S. banks, eight of the top 10 U.S. health insurance companies and four of the top seven U.S. retailers. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Intel Capital, Origin Partners, Pelion Venture Partners, QuestMark Partners, and Silver Lake Partners. For more information, visit www.venafi.com.

To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/cios-admit-to-wasting-millions-on-cybersecurity-that-doesnt-work-on-half-of-attacks-300225208.html

SOURCE Venafi
