A recent study conducted by Quantum Xchange, the enterprise crypto-management company, has shed light on the alarming state of enterprise cryptography. The research uncovered a pervasive use of outdated cryptographic protocols across various sectors, including finance, healthcare, higher education, retail, and manufacturing. This widespread reliance on old encryption methods poses significant risks for businesses, especially as cyberattack surfaces continue to expand and the potential threat of quantum computing looms on the horizon.
The study, which analyzed over 203 terabytes of network traffic from CipherInsights users, examined the relationships, sessions, and traffic for various encryption protocols such as TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL v3. The findings revealed that up to 80 percent of network traffic had some flaw in its encryption, while a staggering 61 percent of the traffic was completely unencrypted. These statistics highlight a concerning trend of neglect and lack of evaluation when it comes to implementing and updating cryptographic measures.
One of the most alarming discoveries was the prevalence of outdated encryption protocols in the healthcare and higher education sectors. TLS 1.1 and 1.0 were found to be in widespread use, indicating a reluctance to update systems that are perceived to be functioning adequately. Shockingly, up to 92 percent of all traffic on hospital networks lacked any form of encryption, pointing to a laissez-faire attitude towards data security.
Vince Berk, Chief Strategist at Quantum Xchange, emphasized the urgent need for organizations to address these vulnerabilities: “Zero trust is meaningless if your encryption is not bulletproof. We’re trying to bring awareness to the here-and-now problem with cryptography so that organizations can shore up these weaknesses and better protect their systems from everyday cybersecurity risks and yet-to-be-discovered threats.”
In response to these findings, Quantum Xchange introduced CipherInsights, a real-time cryptographic risk, discovery, and assessment tool. Unlike traditional scanning tools that focus solely on certificates and installed cryptographic libraries, CipherInsights actively analyzes network traffic, classifying and identifying both sanctioned and unsanctioned encryption methods in use. This tool provides organizations with immediate insights into the operational effectiveness of their encryption, enabling them to meet regulatory requirements and improve their overall cybersecurity posture.
What is encryption?
Encryption is the process of encoding information in such a way that only authorized parties can access and read it. It involves the use of cryptographic algorithms to convert plaintext data into a scrambled form (ciphertext), which can only be decrypted with a specific key.
Why is outdated cryptography a problem?
Outdated cryptography exposes organizations to various security risks. As technology advances, so do the capabilities of cybercriminals. Older encryption protocols may have vulnerabilities that can be exploited, making it easier for attackers to gain unauthorized access to sensitive data.
What is TLS?
Transport Layer Security (TLS) is a cryptographic protocol used to secure communications over a computer network. It ensures the confidentiality, integrity, and authenticity of data transmitted between devices, such as web browsers and servers.
What is quantum computing?
Quantum computing is an emerging field of computing that leverages the principles of quantum mechanics. Unlike classical computers, which use bits to represent data as either 0 or 1, quantum computers use qubits that can be simultaneously in multiple states. This enables quantum computers to solve complex problems much faster than traditional computers, potentially posing a threat to existing cryptographic algorithms that rely on classical computing limitations.
Source: [Business Wire](https://www.businesswire.com/news/home/20231030166159/en/)