A10 Networks Cybersecurity Report Attributes Half of Attacks to Malware Hidden in Encrypted Traffic
The risk to financial services, healthcare and other industries stems from growing reliance on encryption technology, says network security study from A10 Networks and Ponemon Institute
Key Findings Include:
- 80% of organizations were victims of cyber attacks during past year
- Nearly half of cyber attacks used malware hidden in encrypted traffic to evade detection
- 75% of IT experts surveyed admit malware could steal employee credentials from their networks
SAN JOSE, Calif. – Aug. 30, 2016 – A surprising outcome of the growing use of encryption technology is an increase in cyber attacks, according to a new report from A10 Networks (NYSE: ATEN), a technology leader in application networking and security. Conducted in partnership with Ponemon Institute, the network security study Hidden Threats in Encrypted Traffic: A Study of North America & EMEA surveyed 1,023 IT and IT security practitioners in North America and Europe, highlighting the overwhelming challenges these professionals face in preventing and detecting attacks on encrypted traffic in and out of their organizations’ networks.
A growing number of organizations are turning to encryption technology to keep their network data safe. For many security managers, however, the cost of inspecting this rising tide of encrypted traffic is degraded network performance—an incorrect assumption depending on solution and technology choice that can carry costly consequences. At issue is the fact that SSL encryption not only hides data traffic from would-be hackers, but also from common security tools. The encryption technology that is crucial to protecting sensitive data in transit, such as web transactions, emails and mobile apps, can allow malware hiding inside that encrypted traffic to pass uninspected through an organization’s security framework.
Almost half of respondents (47 percent) cited a lack of enabling security tools as the primary reason for not inspecting decrypted web traffic—closely followed by insufficient resources and degradation of network performance (both 45 percent). Yet 80 percent of survey respondents say their organizations have been victims of a cyber attack or malicious insider during the past year. And nearly half say that the attackers used encryption to evade detection.
Although 75 percent of survey respondents say their networks are at risk from malware hidden inside encrypted traffic, roughly two-thirds admit that their company is unprepared to detect malicious SSL traffic, leaving them vulnerable to costly data breaches and the loss of intellectual property. Among the IT professionals responding to the survey, the largest percentage work in financial services, followed by healthcare and the public sector — three industries most in need of protecting sensitive data.
Moreover, the threat is expected to get worse as the volume of encrypted data traffic continues to grow, with the majority of respondents expecting network attackers to increase their use of encryption over the coming year to evade detection and bypass controls. Many companies may be caught off guard, as their security solutions collapse under the weight of tremendous SSL vulnerabilities.
“IT decision makers need to think more strategically,” said Dr. Chase Cunningham, director of cyber operations at A10 Networks. “The bad guys are looking for ROI just like the good guys, and they don’t want to work too hard to get it. Instead of focusing on doing everything right 100 percent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available. It’s the cyber security equivalent of the zombie marathon — as long as you can avoid being the slowest in outrunning the zombies, you minimize risk.”
“The Hidden Threats in Encrypted Traffic study sheds light on important facts about the malicious threats lurking in today’s corporate networks,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Our goal is to help organizations better understand the risks to help them better address vulnerabilities in their networks.”
- Executive Summary: Six Discoveries about SSL Inspection
- eBook: Uncovering Hidden Threats within Encrypted Traffic
- Blog: SSL Inspection — Why Don’t More Organizations Do It?
- Blog: Ponemon - SSL Inspection Not a Priority for Federal Agencies
- Blog: Summary - 6 Discoveries IT Security Pros Need to Know about SSL Inspection (PDF)
- Follow A10 Networks on Twitter, LinkedIn and Facebook
About A10 Networks
A10 Networks (NYSE: ATEN) is a leader in application networking and security, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide. For more information, visit: www.a10networks.com and @A10Networks.
The A10 logo, A10 Networks, A10 Harmony, A10 Thunder, Thunder and ACOS are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners.