The mass adoption of data encryption software, such as Secure Sockets Layer (SSL)-based programs, has left companies more vulnerable to data breaches as hackers learn to compromise larger systems. According to a Radware study, the number of SSL-based cyberattacks has increased by 50 percent in the last year.
The study, Protecting From a Growing Attack Vector: Encrypted Attack, demonstrates the increased risk of following cybersecurity standards without simultaneously increasing other security software and information technology knowledge. The report states only 31 percent of survey respondents have the ability to defend against an SSL attack, which can expose data from all levels of a company.
Radware is a global leader in application delivery and cybersecurity solutions for software data centers. The study was published in partnership with research from Gartner Inc, an information technology research and advisory company.
SSL is a security technology used to establish an encrypted link between a server and a client, and it is most commonly used for online communications and commerce. SSL technology is used by the top one million websites and has increased by 48 percent over the last two years, according to a Netcraft study.
The increased need to send private information, such as financial or employment data, has created a need for tighter security online. Public initiatives have responded to the increased need for cybersecurity by promoting the large-scale adoption of SSL.
Radware cites the 2015 ProtonMail hacks as an example of the need for heightened security when using encryption software. ProtonMail is a leading provider of encrypted email services, and was pushed offline by hackers in Nov. 2015 and forced to pay a ransom of $6,000 for the system to go back online. ProtonMail later released a statement saying no personal data was exposed.
Programs such as “Let’s Encrypt,” run by the nonprofit Internet Security Research Group have freely expanded the accessibility of SSL software, encouraging companies to adopt SSL or Transport Layer Security (TLS).
SSL encryption allows information to be confidentially exchanged, but the software leaves endpoints exposed and vulnerable to threats. Gartner recommends companies review existing privacy and network usage policy, enforce sign-in security and evaluate security risks of web traffic.
According to the study TLS is the most common replacement protocol for SSL. TLS offers different protocol and newer generations to SSL. The Payment Card Industry, which includes members such as American Express, Discover Financial Services and Mastercard, recently amended requirements for its companies to adopt TLS before June 2018.
The study also reveals as companies increase encryption technologies, hackers will use similar methods of encryption to bypass online security. Gartner estimates that by 2017 more than half of the network attacks targeting enterprises will use encryption to remain undetected–up from the less than 5 percent today.
