Security firm Venafi says there isn’t a single cyber-security company in the world that can keep you safe, as all of them are trying to protect a system that’s fundamentally flawed and can be secure in only roughly 50 per cent of cases.
Basically, it says we need to re-think the internet.
But let’s not get ahead of ourselves here; let’s see what these people have to say:
The company conducted a global survey of 500 CIOs, which found “overwhelming consensus” among IT executives that the foundation of cybersecurity is being left unprotected.
That foundation lies in cryptographic keys and digital certificates.
Certificates were originally adopted to solve the security problem of knowing what’s safe and private, and were used in everything from online banking to the Internet of Things. But the unprotected keys are being abused by cybercriminals.
So now you have CIOs acknowledging they’re throwing millions of dollars at layered security defences because these tools “blindly trust keys and certificates – unable to differentiate between which keys and certificates should be trusted and which shouldn’t”.
The conclusion is that popular security systems will only work half of the time.
“Keys and certificates are the foundation of cybersecurity, authenticating system connections and telling us if software and devices are doing what they are meant to. If this foundation collapses, we’re in serious trouble,” comments Kevin Bocek, vice president of Threat Intelligence and Security Strategy at Venafi. “With a compromised, stolen, or forged key and certificate, attackers can impersonate, surveil, and monitor their targets’ websites, infrastructure, clouds, and mobile devices, and decrypt communications thought to be private.”
Venafi’s full report can be found at this link.