The Devil is in the Data - Infographic » Irish image and data auditing company PixAlert have released an infographic highlighting the signifi... Wargaming Brings its Naval MMO to gamescom 2014 » Wargaming has announced its presence at gamescom 2014, the world's largest trade fair for interactiv... Barracuda Backup achieves VMware Ready status » Basingstoke: Barracuda Networks, Inc. has announced that Barracuda Backup has achieved VMware Ready™... Valuing the Police Report » Her Majesty's Inspectorate of Constabulary (HMIC) has rated the Metropolitan Police Service (MPS) as... Fonix Mobile selects Alert Logic to extend its s... » London: London-based SMS messaging and mobile payment billing company Fonix Mobile has chosen Alert ... Attenda positioned for Cloud-enabled managed hosti... » London: Attenda Limited today has been positioned by Gartner Inc., in the Challengers quadrant of th... Downing of Malaysian jet: UN calls on parties t... » [The UN Security Council holds a moment of silence in honour of the victims of crashed flight MH17. ... How foreign security firms are treating Nigerians ... » ...With introduction by JOHN ODEY ADUMA, EDITOR AND BRITISH CHEVENING SCHOLAR The Presi... Bill Butler happy with key survey findings » Boss of the SIA Executive Bill Butler welcomes the key findings of the recently published IFSEC Glob... Mighty Mitie is over £3.75 million richer as it... » Mitie was recently awarded three contracts in its award-winning painting business. Combined, the thr...

CLICK HERE TO

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

Underwritten by Venafi, groundbreaking research quantifies the financial impact of cryptographic key and digital certificate management failures; identifies most alarming threats

London: Ponemon Institute and Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, have announced the 2013 Annual Cost of Failed Trust Report: Threats & Attacks. This new annual report provides the first extensive examination of how failure to control trust in the face of new and evolving security threats places every global enterprise at risk. Based on survey participant expectations, organisations are projected to lose $35 million (USD) over the next 24 months. This estimate is based on a total possible cost exposure of $398 million per organisation. These and other conclusions are based on new primary research conducted by Ponemon Institute among Global 2000 organisations based in Australia, France, Germany, the United Kingdom and the United States.

Click to Tweet: #PonemonInstitute research reveals #cost of #trust #breach can cost #GlobalEnterprises $398M each @Venafi #security

Every business and government agency relies on critical security technologies to ensure that communications and transactions conducted across the Internet, as well as within closed networks, remain trusted, private and compliant with regulations. The most essential of these technologies are cryptographic keys and digital certificates, which provide the foundation of trust for the modern world of secure communications, card payments, online shopping, smartphones and cloud computing.

Yet failing to manage certificates and keys creates vulnerabilities that cybercriminals exploit to breach enterprise networks, steal data and disrupt critical business operations. Until now, the cost of failed trust from these attacks has not been quantified but is based only on anecdotal evidence. This report changes that by providing hard research data about the financial risks.

Download the full Ponemon 2103 “Annual Cost of Failed Trust Report: Threats & Attacks” here.

“In partnering with Venafi, we set out to answer for the first time one of the most sought-after questions in information security and compliance: what are the precise financial consequences of failed trust from malicious attacks that exploit cryptographic key and certificate management failures?” said Larry Ponemon, chairman and founder of Ponemon Institute Research. “We rely on keys and certificates to provide the bedrock of trust for all business and government activities, online and in the cloud. Yet criminals are turning our dependence on these trust instruments against us at an alarming rate.

“This new research not only allows us to quantify the cost of these trust exploits, but also gives insight into how enterprise failures in key and certificate management open the door to criminals. More than half of the companies surveyed, for instance, do not know how many keys and certificates they have, which is both a serious security issue and a Governance, Risk and Compliance (GRC) gap that executives must address with proper controls,” said Ponemon. “It’s not surprising then that all companies we spoke with had suffered an attack on trust due to failed key and certificate management, or that these attacks are projected to cost organisations an average of $35 million, with a maximum possible cost exposure of $398 million per organisation. This level of risk and exposure demands remediation.”

The report reveals many findings, including:

High costs: On average enterprises are projected to risk losing an average of $35 million over 24 months from attacks on trust. This is based on a total possible cost exposure of almost $400 million per organisation.

Expensive, preventable exploits: Easily preventable exploits of weak cryptography are most likely and are costly, averaging $125 million per incident, per organisation.

Consequences for Certificate Authority (CA) compromises: Attacks on trusted CAs lead to man-in-the-middle and phishing attacks on enterprises, with costs averaging $73 million per incident, per organisation.

Wide-spread vulnerability: All surveyed enterprises suffered at least one attack on trust due to failed key and certificate management.

In addition to revealing the financial impact of failing to control trust, the research also demonstrates the extent of the challenge facing enterprises in regaining control of their keys and certificates:

Too vast a problem for manual management: Enterprises estimate they have on average 17,807 keys and certificates, per organisation.

Unknown and unquantified risk: Fifty-one percent of surveyed organisations do not know exactly how many keys and certificates they have.

Clear and present danger to cloud computing: Respondents believe difficult-to-detect attacks on Secure Shell (SSH) keys, critical for cloud services from Amazon and Microsoft, present the most alarming threat arising from failure to control trust.

Need to establish control over trust: Already 59 percent of enterprises believe that proper key and certificate management can help them regain control over trust and avoid these risks.

“Cyber criminals understand how fragile our ability to control trust has become, and as a result, they continue to target failed key and certificate management,” said Venafi CEO Jeff Hudson. “These exploits wreak havoc by causing unplanned outages, productivity loss, brand damage and data breaches. Until today the financial impact, the extent of the challenges and the industry’s recognition of these compromises remained largely unknown and unquantified.

“Trust is the foundation of all relationships, including those between enterprises and the markets they serve. As our world becomes more connected and more dependent on cloud and mobile technologies, maintaining control over trust by managing keys and certificates must be a top priority for all CEOs, CIOs, CISOs and IT security managers,” Hudson continued. “When trust is compromised, business stops. Our hope is that this report provides both the validation and the motivation to help business and IT executives take action.”

To view the report, visit www.venafi.com/Ponemon

To view a video clip of Venafi CEO Jeff Hudson discussing the research, visit: www.venafi.com/VideoOverview

To learn more about the methodology and key findings, visit the Ponemon Institute blog: www.ponemon.org/blog