SlideShare a Scribd company logo

Trust Online is at the Breaking Point

Venafi
Venafi

Research by the Ponemon Institute found that the digital trust which underpins most of the world’s economy is nearing the breaking point—with no replacement in sight. For four years running, 100% of the organizations surveyed have responded to multiple attacks on keys and certificates, which enterprises use to establish digital trust in their data centers, applications, clouds and on mobile devices. • Learn why enterprises are vulnerable to trust-based attacks • Discover which types of attacks present the greatest risk and largest impact • See the estimated total possible financial impact ($597M, up nearly 50% from 2013) as well as the amount of risk per organization over the next two years

Internet
1 of 14
Download to read offline
TRUST ONLINE IS AT THE BREAKING POINT The trust established by cryptographic keys and digital certificates is in jeopardy
58% OF COMPANIES Need to better secure and protect their keys and certifiates 60% OF IT SECURITY TEAMS Believe their organization needs to better respond to vulnerabilities involving keys and certificates
100% ATTACKED All survey respondents reported that they have responded to attacks using keys and certificates within the last 2 years— this is a costly problem that is just getting worse. WHAT’S THE RESULT?
$597M TOTAL IMPACT Total possible impact per organizations for all attacks 2013UP 50% $53M RISK OF ATTACK Over the next 2 years per organization 2015 - $53M 2013 - $35M UP 51% Risk = Probability of attack x total impact $398M WHAT’S THE RESULT?
2,394 RESPONDENTS In Global 5,000 Organizations Australia 336France 339 Germany 574 UK 499 United States 646 WHO DID WE ASK?
TOP 5 INDUSTRIES Represented Financial Services 17% Government 11% Professional Services 8% Consumer Products 7% Retail 7% 59% OF COMPANIES Have 5,000 or more employees WHO DID WE ASK?
23,922 KEYS & CERTIFICATES On average per company UP 34% FROM 2013 $1000 PRICE TAG For a stolen certificate in the underground marketplace WHAT CAUSES THIS RISK?
54% OF ORGANIZATIONS ARE UNAWARE Most organizations do not know where all keys and certificates are located UP FROM 50% IN 2013 WHAT CAUSES THIS RISK?
CRYPTOAPOCALYPSE Most alarming threat to security professionals in 2015 is a Cryptoapocalypse: a discovered cryptographic weakness that becomes the ultimate weapon, allowing websites, payment transactions, stock trades, and governments to be spoofed or surveilled (term was coined by researchers presenting their findings at Black Hat 2013).1 1. Stamos, Alex, et al. Blackhat USA 2013. Preparing for the Cryptopocalypse. July 2013. WHAT ARE THE MOST ALARMING THREATS?
GREATEST RISK $22M Weak cryptographic exploit $11M Mobility certificate misuse $8.4M Code-signing certificate misuse $6.5M MITM attacks $3.1M SSH key misuse $1.9M Server certificate misuse LARGEST IMPACT $126M Mobility certificate misuse $114M Weak cryptographic exploit $102M Code-signing certificate misuse $93M SSH key theft $90M MITM attacks $73M Server certificate misuse WHAT ARE THE MOST ALARMING THREATS?
! THREAT TO MOBILE LOOMS LARGE Enterprise mobility certificates— used with WiFi, VPN, and MDM/EMM $11M- #2 Greatest Risk $126M - #1 Largest Impact WHAT ARE THE MOST ALARMING THREATS?
HALF OF IT SECURITY PROFESSIONALS BELIEVE • Trust established by keys and certificates is in jeopardy • The way we create trust is broken • Gartner is right,“Certificates can no longer be blindly trusted”2 2. Gartner. Maverick Research: Living in a World Without Trust: When IT’s Supply Chain Integrity and Online Infrastructure Get Pwned. Gartner Doc: G00238476. October 5, 2012. TRUST IS IN JEOPARDY
Know what’s being used: find all keys and certificates Always know what’s trusted, what’s not: continuously monitor, check reputation for all 1 3 Establish what should be trusted: enforce policy, automate security Remediate what’s not trusted: fix and replace vulnerable keys and certificates 2 4 4 RECOMMENDATIONS FOR SECURITY TEAMS
Protecting the trust established by keys and certificates must be a security priority Read the full report, 2015 Cost of Failed Trust Report Venafi.com/FailedTrust KEYS&CERTIFICATESMUSTBEBETTERSECURED&PROTECTED

Recommended

Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersVenafi
 
Verizon DBIR 2021
Verizon DBIR 2021Verizon DBIR 2021
Verizon DBIR 2021SOCRadar Inc
 
State of Security
State of SecurityState of Security
State of Security- Mark - Fullbright
 
Infographic: The crippled state of network security
Infographic: The crippled state of network securityInfographic: The crippled state of network security
Infographic: The crippled state of network securityGreat Bay Software
 
On the Bleeding Edge: 8 Predictions for the Internet in 2018
On the Bleeding Edge: 8 Predictions for the Internet in 2018On the Bleeding Edge: 8 Predictions for the Internet in 2018
On the Bleeding Edge: 8 Predictions for the Internet in 2018Cloudflare
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
Identity Protection for the Digital Age
Identity Protection for the Digital AgeIdentity Protection for the Digital Age
Identity Protection for the Digital AgeIntel IT Center
 
Is your data safe Infographic by Symantec
Is your data safe Infographic by SymantecIs your data safe Infographic by Symantec
Is your data safe Infographic by SymantecCheapest SSLs
 

Recommended

Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersVenafi
 
Verizon DBIR 2021
Verizon DBIR 2021Verizon DBIR 2021
Verizon DBIR 2021SOCRadar Inc
 
State of Security
State of SecurityState of Security
State of Security- Mark - Fullbright
 
Infographic: The crippled state of network security
Infographic: The crippled state of network securityInfographic: The crippled state of network security
Infographic: The crippled state of network securityGreat Bay Software
 
On the Bleeding Edge: 8 Predictions for the Internet in 2018
On the Bleeding Edge: 8 Predictions for the Internet in 2018On the Bleeding Edge: 8 Predictions for the Internet in 2018
On the Bleeding Edge: 8 Predictions for the Internet in 2018Cloudflare
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
Identity Protection for the Digital Age
Identity Protection for the Digital AgeIdentity Protection for the Digital Age
Identity Protection for the Digital AgeIntel IT Center
 
Is your data safe Infographic by Symantec
Is your data safe Infographic by SymantecIs your data safe Infographic by Symantec
Is your data safe Infographic by SymantecCheapest SSLs
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...SBWebinars
 
State of cybersecurity report 2020- Post Covid 19
State of cybersecurity report 2020- Post Covid 19State of cybersecurity report 2020- Post Covid 19
State of cybersecurity report 2020- Post Covid 19HarryJake1
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?Ping Identity
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
How secure is your enterprise from threats?
How secure is your enterprise from threats? How secure is your enterprise from threats?
How secure is your enterprise from threats? IBM Analytics
 
2019 State of Cyber Security Report
2019 State of Cyber Security Report2019 State of Cyber Security Report
2019 State of Cyber Security ReportMohamed Zaheer Husain
 
Be An IT Hero - 10 Reasons to Move to the Cloud
Be An IT Hero - 10 Reasons to Move to the CloudBe An IT Hero - 10 Reasons to Move to the Cloud
Be An IT Hero - 10 Reasons to Move to the CloudUS Medical IT
 
Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Gary Chambers
 
India Threat Lanscape as per Symantec Research
India Threat Lanscape as per Symantec ResearchIndia Threat Lanscape as per Symantec Research
India Threat Lanscape as per Symantec ResearchMehul Doshi
 
Proofpoint Understanding Email Fraud in 2018
Proofpoint Understanding Email Fraud in 2018 Proofpoint Understanding Email Fraud in 2018
Proofpoint Understanding Email Fraud in 2018 Proofpoint
 
Cyberattacks and Enterprise Risk Management
Cyberattacks and Enterprise Risk ManagementCyberattacks and Enterprise Risk Management
Cyberattacks and Enterprise Risk ManagementIvanti
 
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...inSOC
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?Ankit Dua
 
2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&ANick Normile
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Entersoft Security
 
Internet Security: Protect the Personal; Defend the Workplace
Internet Security: Protect the Personal; Defend the WorkplaceInternet Security: Protect the Personal; Defend the Workplace
Internet Security: Protect the Personal; Defend the WorkplaceMarian Merritt
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat LandscapeQuick Heal Technologies Ltd.
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage YearsJeremiah Grossman
 
How and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's BusinessHow and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's BusinessSendio
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougKey note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 

More Related Content

What's hot

2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...SBWebinars
 
State of cybersecurity report 2020- Post Covid 19
State of cybersecurity report 2020- Post Covid 19State of cybersecurity report 2020- Post Covid 19
State of cybersecurity report 2020- Post Covid 19HarryJake1
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?Ping Identity
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
How secure is your enterprise from threats?
How secure is your enterprise from threats? How secure is your enterprise from threats?
How secure is your enterprise from threats? IBM Analytics
 
Be An IT Hero - 10 Reasons to Move to the Cloud
Be An IT Hero - 10 Reasons to Move to the CloudBe An IT Hero - 10 Reasons to Move to the Cloud
Be An IT Hero - 10 Reasons to Move to the CloudUS Medical IT
 
Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Gary Chambers
 
India Threat Lanscape as per Symantec Research
India Threat Lanscape as per Symantec ResearchIndia Threat Lanscape as per Symantec Research
India Threat Lanscape as per Symantec ResearchMehul Doshi
 
Proofpoint Understanding Email Fraud in 2018
Proofpoint Understanding Email Fraud in 2018 Proofpoint Understanding Email Fraud in 2018
Proofpoint Understanding Email Fraud in 2018 Proofpoint
 
Cyberattacks and Enterprise Risk Management
Cyberattacks and Enterprise Risk ManagementCyberattacks and Enterprise Risk Management
Cyberattacks and Enterprise Risk ManagementIvanti
 
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...inSOC
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?Ankit Dua
 
2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&ANick Normile
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Entersoft Security
 
Internet Security: Protect the Personal; Defend the Workplace
Internet Security: Protect the Personal; Defend the WorkplaceInternet Security: Protect the Personal; Defend the Workplace
Internet Security: Protect the Personal; Defend the WorkplaceMarian Merritt
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage YearsJeremiah Grossman
 
How and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's BusinessHow and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's BusinessSendio
 

What's hot (20)

2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
 
State of cybersecurity report 2020- Post Covid 19
State of cybersecurity report 2020- Post Covid 19State of cybersecurity report 2020- Post Covid 19
State of cybersecurity report 2020- Post Covid 19
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
How secure is your enterprise from threats?
How secure is your enterprise from threats? How secure is your enterprise from threats?
How secure is your enterprise from threats?
 
2019 State of Cyber Security Report
2019 State of Cyber Security Report2019 State of Cyber Security Report
2019 State of Cyber Security Report
 
Be An IT Hero - 10 Reasons to Move to the Cloud
Be An IT Hero - 10 Reasons to Move to the CloudBe An IT Hero - 10 Reasons to Move to the Cloud
Be An IT Hero - 10 Reasons to Move to the Cloud
 
Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017
 
India Threat Lanscape as per Symantec Research
India Threat Lanscape as per Symantec ResearchIndia Threat Lanscape as per Symantec Research
India Threat Lanscape as per Symantec Research
 
Proofpoint Understanding Email Fraud in 2018
Proofpoint Understanding Email Fraud in 2018 Proofpoint Understanding Email Fraud in 2018
Proofpoint Understanding Email Fraud in 2018
 
Cyberattacks and Enterprise Risk Management
Cyberattacks and Enterprise Risk ManagementCyberattacks and Enterprise Risk Management
Cyberattacks and Enterprise Risk Management
 
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...
Implement Effective Cybersecurity Practices In 2021 With Top LA Prevention Re...
 
GDPR - are you ready?
GDPR - are you ready?GDPR - are you ready?
GDPR - are you ready?
 
2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A2014-15 Cybersecurity Venture Funding and M&A
2014-15 Cybersecurity Venture Funding and M&A
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
 
Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018Fintech Cyber Security Survey Hong Knog 2018
Fintech Cyber Security Survey Hong Knog 2018
 
Internet Security: Protect the Personal; Defend the Workplace
Internet Security: Protect the Personal; Defend the WorkplaceInternet Security: Protect the Personal; Defend the Workplace
Internet Security: Protect the Personal; Defend the Workplace
 
Digital Threat Landscape
Digital Threat LandscapeDigital Threat Landscape
Digital Threat Landscape
 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
 
How and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's BusinessHow and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's Business
 

Similar to Trust Online is at the Breaking Point

Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougKey note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougUlf Mattsson
 
2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...NetwayClub
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochureMark Gibson
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfMoney 2Conf
 
Security Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessSecurity Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessGreg Wartes, MCP
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism Accenture
 
Why Two-Factor Isn't Enough
Why Two-Factor Isn't EnoughWhy Two-Factor Isn't Enough
Why Two-Factor Isn't EnoughSecureAuth
 
Cybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized BusinessesCybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized BusinessesSeqrite
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSRandall Chase
 
Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!Echoworx
 
Fraudsters Hackers & Thieves
Fraudsters Hackers & ThievesFraudsters Hackers & Thieves
Fraudsters Hackers & ThievesLorena Magee
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 

Similar to Trust Online is at the Breaking Point (20)

Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
 
Key note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyougKey note in nyc the next breach target and how oracle can help - nyoug
Key note in nyc the next breach target and how oracle can help - nyoug
 
2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...2 factor authentication beyond password : enforce advanced security with au...
2 factor authentication beyond password : enforce advanced security with au...
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-Security
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and Attacks
 
The State of Ransomware 2020
The State of Ransomware 2020The State of Ransomware 2020
The State of Ransomware 2020
 
Centrify rethink security brochure
Centrify rethink security brochureCentrify rethink security brochure
Centrify rethink security brochure
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Detecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2ConfDetecting Frauds and Identifying Security Challenge | by Money2Conf
Detecting Frauds and Identifying Security Challenge | by Money2Conf
 
Security Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessSecurity Minded - Ransomware Awareness
Security Minded - Ransomware Awareness
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism
 
Why Two-Factor Isn't Enough
Why Two-Factor Isn't EnoughWhy Two-Factor Isn't Enough
Why Two-Factor Isn't Enough
 
Cybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized BusinessesCybersecurity Myths for Small and Medium-Sized Businesses
Cybersecurity Myths for Small and Medium-Sized Businesses
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!Fraudsters Hackers & Thieves!
Fraudsters Hackers & Thieves!
 
Fraudsters Hackers & Thieves
Fraudsters Hackers & ThievesFraudsters Hackers & Thieves
Fraudsters Hackers & Thieves
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 

More from Venafi

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?Venafi
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...Venafi
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsVenafi
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA GraphicVenafi
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSAVenafi
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber AttacksVenafi
 
RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case studyVenafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Venafi
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersVenafi
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflameVenafi
 

More from Venafi (11)

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA Graphic
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSA
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber Attacks
 
RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case study
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption Disasters
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflame
 

Recently uploaded

A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxBipin Adhikari
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 

Recently uploaded (20)

A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Intellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptxIntellectual property rightsand its types.pptx
Intellectual property rightsand its types.pptx
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 

Trust Online is at the Breaking Point

  • 1. TRUST ONLINE IS AT THE BREAKING POINT The trust established by cryptographic keys and digital certificates is in jeopardy
  • 2. 58% OF COMPANIES Need to better secure and protect their keys and certifiates 60% OF IT SECURITY TEAMS Believe their organization needs to better respond to vulnerabilities involving keys and certificates
  • 3. 100% ATTACKED All survey respondents reported that they have responded to attacks using keys and certificates within the last 2 years— this is a costly problem that is just getting worse. WHAT’S THE RESULT?
  • 4. $597M TOTAL IMPACT Total possible impact per organizations for all attacks 2013UP 50% $53M RISK OF ATTACK Over the next 2 years per organization 2015 - $53M 2013 - $35M UP 51% Risk = Probability of attack x total impact $398M WHAT’S THE RESULT?
  • 5. 2,394 RESPONDENTS In Global 5,000 Organizations Australia 336France 339 Germany 574 UK 499 United States 646 WHO DID WE ASK?
  • 7. 23,922 KEYS & CERTIFICATES On average per company UP 34% FROM 2013 $1000 PRICE TAG For a stolen certificate in the underground marketplace WHAT CAUSES THIS RISK?
  • 8. 54% OF ORGANIZATIONS ARE UNAWARE Most organizations do not know where all keys and certificates are located UP FROM 50% IN 2013 WHAT CAUSES THIS RISK?
  • 9. CRYPTOAPOCALYPSE Most alarming threat to security professionals in 2015 is a Cryptoapocalypse: a discovered cryptographic weakness that becomes the ultimate weapon, allowing websites, payment transactions, stock trades, and governments to be spoofed or surveilled (term was coined by researchers presenting their findings at Black Hat 2013).1 1. Stamos, Alex, et al. Blackhat USA 2013. Preparing for the Cryptopocalypse. July 2013. WHAT ARE THE MOST ALARMING THREATS?
  • 10. GREATEST RISK $22M Weak cryptographic exploit $11M Mobility certificate misuse $8.4M Code-signing certificate misuse $6.5M MITM attacks $3.1M SSH key misuse $1.9M Server certificate misuse LARGEST IMPACT $126M Mobility certificate misuse $114M Weak cryptographic exploit $102M Code-signing certificate misuse $93M SSH key theft $90M MITM attacks $73M Server certificate misuse WHAT ARE THE MOST ALARMING THREATS?
  • 11. ! THREAT TO MOBILE LOOMS LARGE Enterprise mobility certificates— used with WiFi, VPN, and MDM/EMM $11M- #2 Greatest Risk $126M - #1 Largest Impact WHAT ARE THE MOST ALARMING THREATS?
  • 12. HALF OF IT SECURITY PROFESSIONALS BELIEVE • Trust established by keys and certificates is in jeopardy • The way we create trust is broken • Gartner is right,“Certificates can no longer be blindly trusted”2 2. Gartner. Maverick Research: Living in a World Without Trust: When IT’s Supply Chain Integrity and Online Infrastructure Get Pwned. Gartner Doc: G00238476. October 5, 2012. TRUST IS IN JEOPARDY
  • 13. Know what’s being used: find all keys and certificates Always know what’s trusted, what’s not: continuously monitor, check reputation for all 1 3 Establish what should be trusted: enforce policy, automate security Remediate what’s not trusted: fix and replace vulnerable keys and certificates 2 4 4 RECOMMENDATIONS FOR SECURITY TEAMS
  • 14. Protecting the trust established by keys and certificates must be a security priority Read the full report, 2015 Cost of Failed Trust Report Venafi.com/FailedTrust KEYS&CERTIFICATESMUSTBEBETTERSECURED&PROTECTED