Encryption-Based Cyber Attacks Are Increasing: How to Stay Safe
Encryption’s popularity has gone through the roof over the past few years, however, it may not be the cyber security silver bullet some hope. The volume of encrypted traffic traversing the web has increased roughly 90% each year since 2015. If those year-over-year growth patterns hold true, Gartner forecasts that, come 2019, 80% of all web traffic will be encrypted. While the proliferation of encryption can be reassuring, particularly for organizations and consumers already torched by data loss, it is also opening up new threat vectors for cyber criminals.
Employee web browsing habits are always a concern to organizations, yet encryption does little to allay those fears. HTTPS traffic can serve as a perfect backdoor for malware or data extraction. Employees don’t even necessarily need to wander the wilds of the Internet to unknowingly come into contact with malicious files. They can do so simply by connecting to unsecured servers on the corporate network’s edge. This connection could be the opening malware needs to spread rapidly throughout the weak points of a network.
The above attack vectors (and others) seem set to grow alongside legitimate encryption use. According to a Cisco white paper, 41% of attackers have used encryption to avoid security’s watchful eyes. Projecting that out just one year, it’s estimated that as much as 70% of cyber attacks will take place using encrypted traffic. Considering the estimated average cost of a data breach ($3.8 million as per Cisco), businesses can’t afford to be in the dark in terms of what’s coming and going on their network.
Defending against cyber attacks hiding in encryption
Previously, the best defense against attackers’ nefarious use of encryption was mass decryption. Businesses would need to decrypt traffic in bulk and then analyze the contents. Files deemed to be harmless would then be re-encrypted and routed on to their final destination.
Even though that legacy approach was effective at identifying threats hiding in encrypted traffic, it carried several drawbacks. Mass decryption may not be conducive to the performance and budgeting benchmarks many businesses have set for themselves. Stopping and parsing through traffic takes time and can be resource intensive. This issue would only worsen as individuals and businesses lean on encryption to shroud even more of their traffic.
Another concern with bulk decryption is privacy – or, more accurately, the lack of it. Until proven otherwise, bulk decryption strategies treat every file as a possible threat. As such, It must decrypt and review all traffic. This makes sense from a security perspective, but ethically, it raises some questions as bulk decryption could potentially expose sensitive employee or customer data.
What’s the alternative to bulk decryption? Cisco’s Encrypted Traffic Analytics (ETA) is one option. This solution is able to spot threats within encrypted traffic without the need for bulk decryption. Rather than decrypt, scan, and re-encrypt traffic, ETA uses a combination of passive monitoring, relevant data point analysis, and cloud-enabled machine learning to evaluate risk. ETA’s unique, advanced architecture allows it to perform these operations quickly and efficiently so as to avoid network gridlock and budgetary bloat.
An additional benefit of ETA is that it can help organizations assess the strength of their encryption. ETA is able to instantly assess the quality of the encryption protocol used to defend any traffic it comes into contact with. Security personnel can then review that information to ensure compliance with any applicable regulatory standards.
Next Steps: Don’t face today’s cyber threats alone
Ready to continue the conversation around cyber security best practices as well as Encrypted Traffic Analytics? Visit https://www.arrayasolutions.com/contact-us/ to connect with our team of security and networking experts. They can help you assess your current environment and provide field-tested insights into how to improve your organizations cyber security readiness.
Feel free to leave us a comment on this or any of our blogs using social media. Arraya can be found on LinkedIn, Twitter, and Facebook. Once you’ve let us know what you think, follow us so you can stay updated on our other technology insights and upcoming special events.