A survey has revealed that IT security professionals are unaware of how to detect or recover from compromised cryptographic keys and digital certificates, which form the basis of the modern-day digital world.
A cryptographic key is a parameter that determines the functional output of a cryptographic algorithm, and a digital certificate is a kind of electronic "passport" that facilitates the secure exchange of information over the internet using the public key infrastructure (PKI).
A compromised or stolen key could allow attackers to decrypt traffic, impersonate websites and monitor the targeted organisations. Unsecured keys and certificates are more dangerous than other forms of attack, as they provide attackers with unrestricted access to the target’s networks, and the attack could remain undetected, with trusted status and access, for a long period.
According to cyber security company Venafi’s 2015 RSA Conference survey, 78% of those surveyed said that their organisations are vulnerable to a Sony-like breach involving theft of keys, due to only partial remediation against such an attack. Just 8% said that they can fully remediate against an attack on such a level.
Only 43% of the respondents said that their organisations used a key management system to protect the online trust provided by keys and certificates, while 16% were unaware of the concept and 14% said that they used a manual process to manage the system.
Around 38% of respondents said that they were unaware of the process to detect compromised keys and certificates, but 56% claimed to be using a combination of next-generation firewalls, anti-virus, IDS/IPS and sandboxes to detect the attacks.
Nearly 64% of IT security professionals acknowledged that in the event of an attack, they would not be able to respond within 24 hours, and said that it could take them anywhere between three and seven days to detect, diagnose and replace the keys.
Venafi security strategy and threat intelligence vice president Kevin Bocek said: "IT security professionals need to realise that keys and certificates establish trusted connections for virtually everything IP-enabled today.
"Just like the human immune system, when SSL/TLS and SSH keys are protected and used correctly, they identify web servers, software, mobile devices, applications and even security administrators as ‘self’ and trusted and those that are misused should be identified as ‘other’ and replaced or blocked."