An outcome of the growing use of encryption technology to keep network data safe is an increase in cyber-attacks.
A new report from A10 Networks in partnership with Ponemon Institute highlighted the overwhelming challenges that IT professionals face in preventing and detecting attacks on encrypted traffic inside and outside of their organisations' networks. The study surveyed 1,023 IT and IT security practitioners in Europe and North America from financial services, healthcare, the public sector and more.
Nearly half of respondents (47 percent) said a lack of enabling security tools was the main reason for not inspecting decrypted web traffic. Insufficient resources and degradation of network performance closely followed (both 45 percent).
During the past year, 80 percent said their organisations were victims of a cyber-attack or malicious insider. Nearly half said that the attackers used encryption to evade detection.
Three quarters (75 percent) say their networks are at risk from malware hidden inside encrypted traffic that could steal employee credentials. About two-thirds admit that their company is not prepared to detect malicious SSL traffic, which leaves them vulnerable to costly data breaches and loss of intellectual property.
“IT decision-makers need to think more strategically. The bad guys are looking for ROI just like the good guys, and they don't want to work too hard to get it. Instead of focusing on doing everything right 100 percent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available. It's the cyber-security equivalent to the zombie marathon — as long as you can avoid being the slowest in outrunning the zombies, you minimise risk,” said Dr Chase Cunningham, director of cyber operations at A10 Networks.