infoTECH Feature

August 31, 2016

New Study Credits Large Portion of Cyberattacks to Hidden Malware

With data breaches becoming a sickeningly familiar fact of life these days, it's worth a closer look at the causes and maybe even potential solutions to such matters. A new study from the Ponemon Institute (News - Alert) and A10 Networks shows that large numbers of organizations actually fell victim to cyberattacks, and that one common cause was part of everyday operations: encrypted traffic.

The numbers of organizations that faced attack were on the rise, as 80 percent of organizations took a hit from cyberattacks in the last year. That's bad enough, but almost half of those attacks were related to encrypted traffic, as malware was able to hide in that traffic, go undetected, and find itself placed in the system without incident. Just to top it off, IT experts in large proportions—75 percent of those responding to the study—noted that malware could actively steal employee credentials, to potentially be used in other attacks down the line.

With a variety of organizations from financial services to healthcare services turning to encryption for everyday traffic, this can mean disaster as the thing which users were counting on to protect data actually becomes the means for hackers to stage attacks. Secure Socket Layer (SSL) encryption will not only hide traffic from potential hackers, but also from many generally-available security tools. With this in mind, anyone who can manage to get malware into that traffic flow—assuming it can be found in the first place—may have a clear avenue of attack into the rest of the system. That's a disaster for anyone, especially those who depend on encryption.


A10 Networks (News - Alert)' director of cyber operations, Dr. Chase Cunningham, noted, “The bad guys are looking for ROI just like the good guys, and they don’t want to work too hard to get it. Instead of focusing on doing everything right 100 percent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available. It’s the cyber security equivalent of the zombie marathon; as long as you can avoid being the slowest in outrunning the zombies, you minimize risk.”

Rational, but maybe not the best approach. If it catches on that IT staff is only watching the obvious ways in, that means the return on investment (ROI) shifts to exploiting little-used avenues. Of course, IT staff can buy itself some time until the next budget cycle to point this out, and that may be enough to help. With so much at stake here—especially given whom the biggest users of encrypted traffic are—protecting a system from this attack pattern becomes vital.

Protecting a system with so much valuable data inside it is crucial; a data breach here can mean disaster in lost customers, lost reputation and potential legal hassles. Yet protecting all possible avenues of entry can be a nightmare of expense and resources used, so figuring out how to split that difference becomes the ultimate balancing act. 




Edited by Alicia Young
FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers