• Home
• News
  • Business Continuity News
  • Regional news
  • Sector news
  • Events Diary
  • Newsletters
  • Newsfeed
• Jobs
• Topics
  • BC: Facilities & Buildings
  • BC: General
  • BC: Markets & Companies
  • BC: Plan Development
  • BC: Software
  • BC: Statistics
  • BC: Testing & Exercising
  • Crisis Comms & Management
  • Critical Infrastructure Protection
  • Disaster Recovery
  • Emergency Management
  • Enterprise Risk Management
  • Operational Risk Management
  • Pandemic Planning
  • PS Prep
  • Standards
  • Terrorism
• Technology
  • Cloud Computing
  • Data Center / Centre Issues
  • ICT Continuity
  • Information Security
  • Recovery Facilities
• Resources
  • Webinars
  • BC software directory
  • Newsfeed
  • Twitter
  • Advanced BC information
  • Advanced ICT information
  • Basic BC information
  • Basic ICT information
  • How to advertise
  • About us
  • Contact us
  • Privacy
• Newsletters
• Training

WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Despite the hype ‘encrypted’ does not equal ‘safe’

Blue Coat Systems has published research results that show that the growing use of encryption to address privacy concerns is creating perfect conditions for cyber criminals to hide malware inside encrypted transactions, and even reducing the level of sophistication required for malware to avoid detection.

The use of encryption across a wide variety of websites — both business and consumer - is increasing as concerns around personal privacy grow. In fact, eight of the top 10 global websites as ranked by Alexa deploy SSL encryption technology throughout all or portions of their sites. For example, technology goliaths Google, Amazon and Facebook have switched to an ‘always on HTTPS’ model to secure all data in transit using SSL encryption.

Business critical applications, such as file-storage, search, cloud-based business software and social media, have long-used encryption to protect data-in-transit. However, the lack of visibility into SSL traffic represents a potential vulnerability to many enterprises where benign and hostile uses of SSL are indistinguishable to many security devices. As a result, encryption enables threats to bypass network security and allows sensitive employee or corporate data to leak from anywhere inside the enterprise.

Revealing the visibility void

As Blue Coat’s latest security report, ‘2014 Security Report – The Visibility Void’ explains, encrypted traffic is becoming more popular with cyber criminals because:

• Malware attacks using encryption as a cloak do not need to be complex because the malware operators believe the encryption prevents the enterprise from seeing the attack;
• Significant data loss can occur as a result of malicious acts by hostile outsiders or disgruntled insiders, who can easily transmit sensitive information;
• By simply combining short-lived websites, ‘One-Day Wonders’, with encryption and running incoming malware and/or outgoing data theft over SSL, organizations can be completely blind to the attack, and unable to prevent, detect or respond.

The growing use of encryption means that many businesses are unable to track the legitimate corporate information entering and leaving their networks, creating a growing blind spot for enterprises.

“The tug of war between personal privacy and corporate security is leaving the door open for novel malware attacks involving SSL over corporate networks that put everyone’s data at risk,” said Dr. Hugh Thompson, chief security strategist for Blue Coat. “For businesses to secure customer data and meet regulatory and compliance requirements they need the visibility to see the threats hiding in encrypted traffic and the granular control to make sure employee privacy is also maintained.”

How to preserve security and privacy

Corporate security demands must be balanced with privacy policies and applicable compliance requirements. Because corporate policies and applicable compliance regulations can vary geographically on a-per organization and per industry basis, businesses need flexible, configurable, customizable and targeted decryption capabilities to meet their unique business needs. To help enterprises comply with their policy and compliance requirements while still combating threats hiding in encrypted traffic, Blue Coat has developed a list of key factors that IT security departments should consider when framing the issue within their organization. The full list of guidance is available in The Visibility Void report.

A new E-Guide is available for download at: https://www.bluecoat.com/etm-guide/. The E-Guide highlights:

• How encrypted traffic is growing and how it is exploited;
• The challenges organizations face when trying to mitigate the risk;
• Practical guidance on how to eliminate the encrypted traffic blind spot.
  

•Date: 19th November 2014 • World •Type: Article • Topic: ISM

Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.