Verizon’s 2016 Data Breach Investigations Report found that 89 per cent of breaches last year were motivated by greed or espionage. Since motives are increasingly financial, it makes sense that the financial institutions that underpin the world’s economy are increasingly targeted.
The Ponemon Institute found, on average, 83 per cent of financial companies suffer more than 50 attacks per month. As a result, banks, credit unions, brokerage firms and exchanges — large and small — are shoring up their defenses to prepare for the inevitability of a cyber attack.
One of the defensive measures they use is encryption, which protects the privacy and integrity of sensitive information by rendering it unreadable if stolen or intercepted.
The dark side of SSL encryption
Unfortunately, encryption also has a dark side; increasingly, cyber attackers are using encryption to hide their exploits. A10 recently sponsored a survey by the Ponemon Institute, “Hidden Threats in Encrypted Traffic: Industry Verticals,” to dig into the risks posed by encrypted traffic. The results demonstrated that financial institutions may be woefully unprepared to protect against the attacks using encrypted traffic to hide their activity.
As a baseline, respondents estimate 32 per cent of their institution’s outbound traffic is encrypted today; they expect that percentage to go up to 46 per cent over the next 12 months. As that percentage increases, it’s logical the percentage of threats in encrypted traffic will also go up. In fact, 58 per cent of respondents think attackers will increase their use of encryption (to evade detection and bypass controls) over the next 12 months.
When asked whether their institution recognises that malicious users leverage SSL encryption to conceal their exploits, only 41 per cent agreed (23 per cent were unsure and 36 per cent disagreed). While this percentage may seem to imply there is a disconnect between the risk and an institution’s recognition of that risk, it is probably more indicative of an institution’s direct experience.
Notably, 40 per cent of the respondents confirmed that attacks on their institution had used encryption to evade detection. (81 per cent acknowledged they had been a victim of a cyberattack or malicious insider activity in the past 12 months.)
Gauging the importance of SSL inspection
So, perhaps institutions are waiting to see these attacks firsthand before they implement measures to prevent them? Despite 90 per cent of the financial services respondents recognising that the inspection of SSL traffic is “Important” to “Essential” to their overall security infrastructure, only 42 per cent are actually decrypting Web traffic to detect attacks, intrusions and malware.
This can be a very dangerous game of chicken for financial institutions to play. Respondents indicated they knew their institutions were at risk:
- 70 per cent were concerned or very concerned that encrypted traffic would leave their network vulnerable to hidden threats
- 71 per cent felt that compromised insider credentials, due to malware hiding inside encrypted SSL traffic, could cause a data breach (18 per cent were unsure)
- 61 per cent agreed that the inability of their current security infrastructure to inspect encrypted traffic compromises their ability to meet existing and future compliance requirements.
- 33 per cent felt their institution would be able to prevent costly data breaches and loss of intellectual property by detecting SSL traffic that is malicious
Why aren’t they decrypting encrypted traffic to look for attacks it may hide? Respondents cited a lack of enabling security tools (53 per cent), insufficient resources (43 per cent) and performance degradation (42 per cent) as the main reasons they don’t decrypt and inspect their Web traffic.
Unsurprisingly, 50 per cent noted their institution’s security solutions are collapsing under growing SSL bandwidth demands and SSL key lengths.
Your SSL decryption strategy
All told, 57 per cent of the financial services respondents, which don’t currently decrypt, have plans to decrypt and inspect traffic to uncover potential attacks. Before they can, however, they need to find solutions that truly meet their needs.
They indicated the following features were “Important” to “Essential” in an SSL inspection tool:
- Securely manage SSL certificates and keys – 90 per cent
- Scale to meet current and future SSL performance demands – 87 per cent
- Maximise the uptime and performance requirements of the overall capacity of the security infrastructure – 84 per cent
- Satisfy compliance requirements – 81 per cent
- Granularly parse and control traffic based on custom-defined policies – 78 per cent
- Categorise web traffic to ensure confidential or sensitive data remains encrypted (satisfy regulatory requirements) – 77 per cent
- Intelligently route traffic to multiple security devices – 77 per cent
- Interoperate with a diverse set of security products from multiple vendors – 75 per cent
Have a look at our new white paper for more information on the Ponemon survey.
Duncan Hughes, System Engineering Director EMEA for A10 Networks
Image source: Shutterstock/SkillUp