Australian enterprises fear a 'cryptoapocalypse'
Australian enterprises stand to lose $48.4 million over the next two years from attacks on security keys and certificates, new research shows.
A study conducted for Venafi by the Ponemon Institute shows that Australian security professionals are most fearful of a cryptoapocalypse-like event.
A cryptoapocalypse describes a scenario whereby the standard key-generating algorithms such as RSA are compromised and exploited overnight. Such an attack is expected to dwarf Heartbleed in terms of scope, complexity and the time taken to address.
According to the report, Australian enterprises risk losing $20.5 million over the next two years from the exploitation of weak cryptographic keys, $8.6 million from mobility misuse and $8.4 million from code signing misuse.
Other prominent threats include man-in-the-middle attacks as well as the theft of SSH or server keys.
Every Australian organisation questioned had responded to multiple attacks against keys and certificates.
Additionally, 55% did not know how many keys and certificates they had, 55% acknowledged that the trust established by these measures was in jeopardy and 60% conceded that they needed to better manage keys and certificates.
“Without the trust established by keys and certificates, we’d be back in the internet ‘stone age’, not knowing if a website, device or mobile application is secured,” Venafi CEO Jeff Hudson said during a visit to Australia this week.
“With keys and certificates so broadly deployed and so integral to the future of the world’s digital economy, it must become a top priority for CEOs, boards of directors and CISOs to better secure and protect them. With no replacement in sight, failure is not an option.”