A surprising outcome of the growing use of encryption technology is an increase in cyber attacks, according to a new report from A10 Networks. Conducted in partnership with Ponemon Institute, the network security study ‘Hidden Threats in Encrypted Traffic: A Study of North America & EMEA’ surveyed 1,023 IT and IT security practitioners in North America and Europe, highlighting the challenges these professionals face in preventing and detecting attacks on encrypted traffic in and out of their organizations’ networks.
A growing number of organizations are turning to encryption technology to keep their network data safe. However, SSL encryption not only hides data traffic from would-be hackers, but also from common security tools. The encryption technology that is crucial to protecting sensitive data in transit, such as web transactions, emails and mobile apps, can allow malware hiding inside that encrypted traffic to pass uninspected through an organization’s security framework.
Almost half of respondents (47 percent) cited a lack of enabling security tools as the primary reason for not inspecting decrypted web traffic: closely followed by insufficient resources and degradation of network performance (both 45 percent). Yet 80 percent of survey respondents say their organizations have been victims of a cyber-attack or malicious insider during the past year. And nearly half say that the attackers used encryption to evade detection.
Although 75 percent of survey respondents say their networks are at risk from malware hidden inside encrypted traffic, roughly two-thirds admit that their company is unprepared to detect malicious SSL traffic, leaving them vulnerable to costly data breaches and the loss of intellectual property. Moreover, the threat is expected to get worse as the volume of encrypted data traffic continues to grow, with the majority of respondents expecting network attackers to increase their use of encryption over the coming year to evade detection and bypass controls.