Hearts Still Bleed – Vast Majority of Global 2000 Organisations in the UK Remain Vulnerable to Heartbleed One Year on
Bracknell, UK – April 7, 2015 – Venafi, the leading provider of Next-Generation Trust Protection, today announced new research reevaluating the risk of attacks that exploit incomplete Heartbleed remediation in Global 2000 organisations in the UK.
Using Venafi TrustNet, a cloud-based certificate reputation service designed to protect enterprises from the growing threat of attacks that misuse cryptographic keys and digital certificates, Venafi Labs found that 84 percent of Forbes Global 2000 organisations’ external servers remain vulnerable to cyber attacks due to Heartbleed. This leaves these organisations defenceless to reputational damage and widespread intellectual property loss.
When the Heartbleed vulnerability was disclosed in April 2014, many organisations scrambled to patch the bug but did not take all of the steps needed to fully remediate their servers and networks, and despite significant guidance from Gartner and other industry experts, the majority still have not. Shockingly, 2 in 3 (67%) of the Forbes Global 2000 most profitable companies in the UK are still vulnerable to the security flaw and risk a massive security breach. In addition, as of April 2015, only 23% of UK companies within the Forbes Global 2000 have taken appropriate actions for complete remediation.
“A year after Heartbleed revealed massive vulnerabilities in the foundation for global trust online, a major alarm needs to be sounded for this huge percentage of the world’s largest and most valuable businesses who are still exposed to attacks like those executed against Community Health Systems,” said Jeff Hudson, CEO, Venafi. “Given the danger that these vulnerabilities pose to their business, remediating risks and securing and protecting keys and certificates needs to be a top priority not only for the IT team alone, but for the CEO, BOD, and CISO.”
In 2014, cybercriminals used the keys and certificates that were captured via Heartbleed in the Community Health Systems breach, in which APT 18, a known Chinese espionage operator, stole 4.5 million patient records. Also in 2014, the hugely popular UK site Mumsnet became a victim of the Heartbleed SSL software flaw. The compromise allowed attackers to access approximately 1.5 million user accounts. Although the data accessed was less sensitive than in some other global attacks, it showed the potency of the breach.
Among more than 2,300 IT security professionals surveyed in the 2015 Cost of Failed Trust research, 100 percent of UK companies acknowledged they had been targeted by at least one attack on their organisation’s keys and certificates in the past two years. Sixty percent of participants in the research agreed their organisations must do a better job responding to vulnerabilities like Heartbleed that involve keys and certificates. According to the new Ponemon research, the risk facing UK enterprises from attacks on keys and certificates is at least £33 million over the next two years.
Download the Venafi Heartbleed +1 Year Analysis (PDF) at:
Venafi is the market-leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures, and unplanned outages.
As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™ and Venafi TrustForce™ help organizations regain control over trust in the cloud, on mobile devices, applications, virtual machines, and network devices by protecting Any Key. Any Certificate. Anywhere™. Venafi prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity, and remediates errors and attacks by automatically replacing misconfigured and compromised keys and certificates. Venafi Threat Center provides primary research and threat intelligence for trust-based attacks.
Selected as a 2013 FiReStarter and Red Herring Top 100 company, Venafi customers are among the world’s most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, manufacturing, healthcare, and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners, and Origin Partners. For more information, visit www.venafi.com.
To view a full copy of the report, please visit: https://www.venafi.com/Ponemon
About the 2015 Cost of Failed Trust Report:
The 2015 Cost of Failed Trust Report was completed by 2,371 IT security professionals and examines the precise financial consequences of failed trust from malicious attacks that exploit cryptographic key and certificate management failures. The research not only quantifies the cost of these trust exploits, but it also gives insight into how enterprise failures in key and certificate management open the doors to criminals. This report is the only publicly available research to track the breadth and scope of these types of attacks. For company size, 59 percent of respondents were from organisations with 5,000 or more employees. The largest verticals represented were financial services (17%), government (11%), professional services (8%), consumer products (7%), and retail (7%). This survey data was collected by the Ponemon Institute during January 2015.
About Ponemon Institute:
Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organisations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.