IT disaster recovery, cloud computing and information security news

Cybersecurity report finds that many attacks are due to hidden malware in encrypted traffic

A surprising outcome of the growing use of encryption technology is an increase in cyber attacks, according to a new report from A10 Networks. Conducted in partnership with Ponemon Institute, the network security study ‘Hidden Threats in Encrypted Traffic: A Study of North America & EMEA’ surveyed 1,023 IT and IT security practitioners in North America and Europe, highlighting the challenges these professionals face in preventing and detecting attacks on encrypted traffic in and out of their organizations’ networks.

A growing number of organizations are turning to encryption technology to keep their network data safe. However, SSL encryption not only hides data traffic from would-be hackers, but also from common security tools. The encryption technology that is crucial to protecting sensitive data in transit, such as web transactions, emails and mobile apps, can allow malware hiding inside that encrypted traffic to pass uninspected through an organization’s security framework.

Almost half of respondents (47 percent) cited a lack of enabling security tools as the primary reason for not inspecting decrypted web traffic: closely followed by insufficient resources and degradation of network performance (both 45 percent). Yet 80 percent of survey respondents say their organizations have been victims of a cyber-attack or malicious insider during the past year. And nearly half say that the attackers used encryption to evade detection.

Although 75 percent of survey respondents say their networks are at risk from malware hidden inside encrypted traffic, roughly two-thirds admit that their company is unprepared to detect malicious SSL traffic, leaving them vulnerable to costly data breaches and the loss of intellectual property. ┬áMoreover, the threat is expected to get worse as the volume of encrypted data traffic continues to grow, with the majority of respondents expecting network attackers to increase their use of encryption over the coming year to evade detection and bypass controls.

www.a10networks.com



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

   

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.