The report reveals many findings, including:
•High costs: On average enterprises are projected to risk losing an average of $35 million over 24 months from attacks on trust. This is based on a total possible cost exposure of almost $400 million per organization. •Expensive, preventable exploits: Easily preventable exploits of weak cryptography are most likely and are costly, averaging $125 million per incident, per organization. •Consequences for Certificate Authority (CA) compromises: Attacks on trusted CAs lead to man-in-the-middle and phishing attacks on enterprises, with costs averaging $73 million per incident, per organization. •Wide-spread vulnerability: All surveyed enterprises suffered at least one attack on trust due to failed key and certificate management.
In addition to revealing the financial impact of failing to control trust, the research also demonstrates the extent of the challenge facing enterprises in regaining control of their keys and certificates:
•Too vast a problem for manual management: Enterprises estimate they have on average 17,807 keys and certificates, per organization. •Unknown and unquantified risk: Fifty-one percent of surveyed organizations do not know exactly how many keys and certificates they have. •Clear and present danger to cloud computing: Respondents believe difficult-to-detect attacks on Secure Shell (SSH) keys, critical for cloud services from Amazon and Microsoft, present the most alarming threat arising from failure to control trust. •Need to establish control over trust: Already 59 percent of enterprises believe that proper key and certificate management can help them regain control over trust and avoid these risks.
"Cyber criminals understand how fragile our ability to control trust has become, and as a result, they continue to target failed key and certificate management," said Venafi CEO Jeff Hudson. "These exploits wreak havoc by causing unplanned outages, productivity loss, brand damage and data breaches. Until today the financial impact, the extent of the challenges and the industry's recognition of these compromises remained largely unknown and unquantified.
"Trust is the foundation of all relationships, including those between enterprises and the markets they serve. As our world becomes more connected and more dependent on cloud and mobile technologies, maintaining control over trust by managing keys and certificates must be a top priority for all CEOs, CIOs, CISOs and IT security managers," Hudson continued. "When trust is compromised, business stops. Our hope is that this report provides both the validation and the motivation to help business and IT executives take action."
To view the report, visit www.venafi.com/Ponemon
To view a video clip of Venafi CEO Jeff Hudson discussing the research, visit: www.venafi.com/VideoOverview
To learn more about the report methodology and key findings, visit the Ponemon Institute blog
About Ponemon Institute
Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
Venafi is the inventor of and market leader in enterprise key and certificate management (EKCM). Venafi delivered the first enterprise-class solution to discover all digital certificates and cryptographic keys within an organization, connect these assets to the people responsible for them, report on and audit their use to prove compliance, enforce policy, and automate operations to eliminate security risks, unplanned outages and compliance failures. Designed specifically for the enterprise, Venafi Director helps organizations regain control over trust in the data center, on desktops and mobile devices, and in the cloud by managing Any key. Any certificate. Anywhere. Venafi also publishes best practices for effective key and certificate management. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.
Most Popular Stories
- SpaceX's Satellite Launch Is 'Game-Changer'
- Reid Confident Congress to Pass Immigration Bill
- Maui Visitor Killed in Shark Attack
- Donors Abandon GOP Over Gun Stance
- Mexico: 'Extremely Dangerous' Radioactive Material Stolen
- CEOs More Optimistic About Economy, Hiring
- Climate Change Early Warning System Urged
- Private Sector Employment Surges by 215,000 Jobs
- Newtown 911 Tapes Being Released Today
- Wisconsin Gov. Campaign Aide Fired Over Tweets