Demystifying the role of AI for better network security


FEATURE

The evolution in the botnet landscape highlights the security risks from Internet-connected devices often configured with default credentials, or from manufacturers that are slow to issue updates if they issue them at all. Poorly maintained IoT devices are a goldmine to hackers. They can build enormous botnets consisting of a wide variety of devices and architectures because of this.

For today’s hacker, the process of capturing devices for a botnet is a fairly simple task that is usually automated. Hackers typically compromise devices via brute force login, a simple method that tries various combinations of usernames and passwords again and again until access is gained. If a match is found, the device is exploited and a malicious payload is downloaded to the device. The payloads downloaded today can vary, but they usually give the bot-herder the ability to remotely control the infected device just like a traditional PC botnet. Anything connected to the Internet is at risk of attack. We already know there is a precedent for IoT. The malicious Mirai bot, which targeted IoT devices, took down the Eastern half of the US, leveraging 100,000 infected IoT devices practically overnight. And as sensational as it sounds, that feels like the tip of the iceberg. I predict that next year we will see much bigger attacks as hackers unleash bots to tap into agricultural IoT networks.

Food chain

It’s very likely that parts of Europe and the US food supply chain could be paralysed to the extent that recovery might not be possible if we don’t put the right precautions in place now. Tonnes and tonnes of crops could perish, thousands and thousands of people could face hunger. The economics of food production will come under intense pressure as we adopt more IoT to support production and replace human labour. As will our practices for keeping the networks and cloud applications secure. IoT botnets continue to evolve and they are becoming more versatile. It wasn’t long ago that Mirai reached the 1Tbps mark but the process of how it was done has improved, leading many of us in the industry to worry about the next super attack. Ultimately, cyber criminals follow the money by taking the path of least resistance. Traditional exploit kits have been deemed high maintenance and hard to maintain due to improved security practices and a diminishing availability of private exploits. So botnets are now the favoured tool and AgTech is just one of many sectors that could provide hackers with the unsecure IoT devices they seek to control.

Anyone looking to invest in AgTech devices or services needs to be aware of the potential risks they could be opening themselves to. They must ensure their IoT devices are not easy pickings for cyber criminals who are searching for low-hanging fruit. It’s important to take pre-emptive steps and not simply wait to become another victim. Technology can do wonderful things but if it’s not properly managed and if security isn’t a key factor in that management, then technology that was designed to help can rapidly turn into a nightmare. Let’s hope farmers turn to the experts early to properly manage their security and ensure they reap the benefits of IoT. We want to ensure that this key industry is well protected and isn’t seen as just another target for opportunistic hackers.

About the author

Mike O’Malley brings 20 years of experience in strategy, product and business development, marketing, M&A and executive management to Radware. In his role as vice-president of carrier strategy and business development, he is responsible for leading strategic initiatives for wireless, wireline and cloud service providers. O’Malley has extensive experience developing innovative products and strategies, including security, cloud and wireless.

Demystifying the role of AI for better network security

Thorsten Kurpjuhn, Zyxel

Network Security, August 2019

There is a lot of excitement and expectation around the role of artificial intelligence (AI) in business. From website chatbots that offer an enhanced customer experience, to biometric recognition and customer data analysis, AI has much to offer the small to medium-size business (SMB) community. Indeed, many businesses are already using it in one form or another – some without even realising it.

Nowhere is AI more promising than in security, where it has been heralded as the answer to cyber security worries. SMBs are fighting a losing battle against proliferating malware and cyberthreats, which are themselves increasingly powered by criminals’ use of AI. Consequently, the ability of defensive AI to evolve, using machine learning to develop ever more precise responses to threats and to anticipate new attacks, is extremely attractive. Adding an intelligent, machine-based layer to traditional cyber security approaches can help companies secure their networks to a much greater extent than traditional measures alone.

Figure: The degree to which organisations rely on automation, machine learning and artificial intelligence. Source: Cisco.

Although the two are often confused, AI goes a step beyond mere automation. Once in place, AI mimics human qualities of intelligence and adaptation, taking lessons learned from prior experience to neutralise or fend off attacks and anticipate attackers’ future behaviour. To get the most out of AI in a security setting, it is vital to understand the key components that make up a robust and reliable solution and the main areas where AI can make a real difference.

Data matters

The recent ramping-up of data protection legislation worldwide reflects an important truth – data is a hugely valuable commodity and businesses must protect it or face dire consequences. Criminals are developing new threats daily, often with the malicious use of AI, with the sole purpose of stealing data for sale on the dark web. Combatting cyberthreats is not an exact science and with new variants being developed all the time, and criminals deploying AI within their own operations, it is increasingly hard for IT teams to keep up and near-impossible for a basic firewall to identify all of the malware it encounters. But with 53% of midmarket companies having fallen victim to a cyber security-based breach, and 40% of those experiencing eight or more hours of system downtime as a result, it is essential to keep all threats at bay.[1] Given that criminals are using AI with increasing sophistication, only an AI-powered response is likely to suffice.

With threats evolving so fast that some commentators are now referring to a ‘cyberwar’ between criminals and their targets, the ability to immediately isolate unknown files is the first step in securing the network. This can be done by sandboxing (ie, moving suspect files to a virtual environment that isolates and contains unknown programs in a safe cloud environment, for further investigation away from the main network). At the moment, sandboxing can occur through human intervention or by automation built into security measures. Sandboxing is useful when applied in conjunction with AI because the learning that takes place within that emulated and secure environment allows an AI defence system to develop ‘immunity’, continually learning and bolstering its defences by analysing the traffic and files that have tried to enter the network. This feature means that protection can constantly evolve to remain robust and reliable, no matter what is thrown at the network or however threats evolve. Some AI developers are now extending the scope of traditional sandboxing to create isolated environments that not only contain threatening files but, crucially, allow them to execute fully. This provides vital information for AI systems that would be far too dangerous to explore elsewhere.

Figure: Types of cyber attacks experienced by organisations in 2018, compared to 2017. Source: Ponemon Institute/Keeper.

However, there remains plenty of room for AI both to improve this process and feed upon it. For example, in the near future, AI defence systems may not only sandbox files they see as unusual or worrisome, they may also flex or restrict users’ access and authentication capabilities in response to unusual or unexpected patterns of behaviour, and/or the number of files being ‘sandboxed’ from a particular point of entry to the network.

Mitigating malware

Any solution deployed to secure a company from external threats is only as good as the very latest information it is based on, and that information changes by the minute. As we have seen, cyber criminals are now using AI just as enthusiastically as IT security firms and departments: research from the Ponemon Institute found that advanced malware and zero-day attacks increased from 16% to 24% over the past year.[2] Using a firewall alone to block malware is like relying on an old umbrella with holes to keep the rain off: it will get through and you will get wet. The only way to block the very latest malware is to empower and constantly update your defences. In other words, to use AI.

Any good network defence strategy needs up-to-the-minute information and insight, in order to block and defy zero-day malware. Fortunately, this is where AI excels. By using reliable sources, including feedback from devices, third-party data and top-ranked threats, defences can be optimised to strengthen malware-blocking capabilities, respond swiftly to unusual behaviours and predict approaching threats. Furthermore, AI does this at speed and with a comprehensive coverage far beyond the scope of human beings.

Figure: Main groups of victims of data breaches. Source: Verizon.

Give botnets the brush off

As well as threats entering the network via malicious emails and file attachments, compromised websites can also cause a huge amount of damage to day-to-day operations. If a staff member inadvertently visits a site that has been infected by a botnet, or had its command and control server compromised, this could have disastrous consequences for a business. A legitimate company’s own website is also a prime target for attack, because it offers a gateway through which criminals can infiltrate the network. With many SMBs relying on their website as the main sales tool, window into their offering and source of brand identity, any compromise can be fatal. A data breach or halt to operations can cause reputational and financial damage, from which many SMBs will never recover: according to Hiscox, just 21% of small businesses have cyber insurance and the reputational and collateral damage can be huge.[3]

These threats can be greatly reduced by including an intelligent (AI) botnet and content filter within the company’s cyber defences. This will ensure that all URLs visited are checked against the very latest, up-to-the-minute information and identification for cyberthreats. With AI, such verification can be made in light of both local and wider knowledge. If a site is malicious, access is blocked and, perhaps even more helpfully, AI uses the information to strengthen its own performance going forward.

Looking to the future

Businesses are only just starting to explore the capabilities of AI, but already it is clear that any business at risk of cyber attack needs a network security solution that can cope with – or even better, thrive on – change, and deal with known, unknown and unfolding threats. In particular, the firewall around the business must be reinforced by intelligent security capabilities. This is absolutely crucial for SMBs since, according to Verizon’s 2018 ‘Data Breach Investigations Report’, 58% of cyber attack victims were small businesses, although this fell slightly, to 43%, in the 2019 report.[4] Either way, small businesses still represented one of the largest identifiable groups among breach victims.

Yet while AI shows great promise in cyber security it is important not to become complacent. AI is not (at least, not yet) a silver bullet. The cyber criminals are just as intelligent as the ‘good guys’ fighting them and as AI security measures learn and evolve, criminals are finding new ways to get around them. AI currently relies on a great deal of human intervention – for provision of data, for example – and while the ultimate goal is to make AI security applications stand alone and self-direct to a much greater extent, that is still some way off.

Fortunately, for SMBs the take-home messages are clear. Make sure you have planned for cyber attacks, because it really is a matter of when, not if. Have a firewall, ideally underpinned by machine learning or another form of AI. Keep an eye on that firewall and on the AI: somebody in the IT department (or an expert partner agency working on your behalf) should be watching for patterns of behaviour such as abnormal numbers of files being sandboxed or other suspicious activity that suggests somebody is messing with your defences. Most of all, operate on the understanding that however good your defences, cyber criminals will actively develop ways to breach them, and are doing so even as you read this, so make sure you continue to carry out standard, traditional security procedures such as keeping all software up to date and training staff in cyber security.

Looking ahead, the sheer volume of data now being generated means that ultimately, the numbers will defeat human capabilities. Thus, AI is the way forward for many applications, including security. In time, AI security applications will become more independent but for now the message is, have an AI solution as well as your firewall and other applications, but don’t take your eye off the ball and never stop looking out for cyberthreats.
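One way to watch for the "abnormal numbers of files being sandboxed" mentioned above, broken down by point of entry to the network, is to compare each entry point's current hourly count with its own recent history. The following is an added example, not part of the original article or of any vendor's product; the event format, the entry-point names and the threshold are assumptions.

```python
from collections import Counter
from statistics import median

def build_sample_events():
    """Constructed sample: one (hour, entry_point) tuple per file sent to the sandbox."""
    history = {
        "mail-gw":   [4, 5, 3, 6, 4, 5, 4],
        "web-proxy": [9, 8, 10, 9, 11, 9, 10],
        "vpn":       [1, 0, 1, 2, 1, 1, 0],
    }
    events = []
    for entry, per_hour in history.items():
        for hour, n in enumerate(per_hour):
            events += [(hour, entry)] * n
    # Hour 7 is the hour under review: vpn suddenly produces 14 suspect files.
    events += [(7, "mail-gw")] * 5 + [(7, "web-proxy")] * 10 + [(7, "vpn")] * 14
    return events

def flag_abnormal(events, current_hour, threshold=3.5, lookback=24):
    """Return [(entry_point, count_now, baseline_median, score)] for entry points
    whose sandbox count in current_hour is far above their own recent history."""
    counts = Counter(events)                       # (hour, entry) -> files sandboxed
    entries = {entry for _, entry in events}
    first_hour = max(0, current_hour - lookback)
    flagged = []
    for entry in sorted(entries):
        # Hours with no sandboxed files count as 0, not as missing data.
        past = [counts[(h, entry)] for h in range(first_hour, current_hour)]
        if not past:
            continue                               # no baseline yet
        base = median(past)
        mad = median(abs(x - base) for x in past)  # median absolute deviation
        # Modified z-score; the spread is floored at 1 file so that a flat
        # history (MAD == 0) does not turn every small change into an alert.
        now = counts[(current_hour, entry)]
        score = 0.6745 * (now - base) / max(mad, 1.0)
        if score > threshold:
            flagged.append((entry, now, base, score))
    return sorted(flagged, key=lambda row: row[3], reverse=True)

if __name__ == "__main__":
    for entry, now, base, score in flag_abnormal(build_sample_events(), current_hour=7):
        print(f"{entry}: {now} files sandboxed this hour, baseline {base}, score {score:.1f}")
```

A median-based baseline is used here so that one earlier spike does not inflate the "normal" level and hide the next one.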

About the author

Thorsten Kurpjuhn has worked in the IT industry since 1999 and his career includes key roles at value-add arms of Ingram Micro and IBM. After joining Zyxel in 2007 he started as a product manager for security and WLAN and changed in 2009 to an EMEA marketing development role for security gateways. His responsibility included the successful creation and market introduction of three generations of firewalls and the buildup of a comprehensive licence and cloud portfolio.

References

1. ‘Cisco 2018: Annual Cybersecurity Report’. Cisco, 2018. Accessed Jul 2019. www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/acr2018/acr2018final.pdf.
2. ‘2018 State of Cybersecurity in Small & Medium Size Businesses’. Ponemon Institute/Keeper, 2018. Accessed Jul 2019. https://keepersecurity.com/assets/pdf/Keeper-2018Ponemon-Report.pdf.
3. ‘2018 Hiscox Small Business Cyber Risk Report’. Hiscox, 2018. Accessed Jul 2019. www.hiscox.com/documents/2018-Hiscox-Small-Business-Cyber-Risk-Report.pdf.
4. ‘2019 Data Breach Investigations Report’. Verizon, 2019. Accessed Jul 2019. https://enterprise.verizon.com/resources/reports/dbir/.

Decrypting SSL traffic: best practices for security, compliance and productivity

Adrian Taylor, A10 Networks

Back in 2014, when Google’s search engine started giving HTTPS sites a boost in their ranking algorithm, only 15% of websites worldwide used a valid SSL (secure socket layer) certificate. But Google recently reported that 94% of traffic across all its products and services is now encrypted.[1] The use of encryption is being seen not just by Google, but by other browsers such as Safari and Mozilla, as security is now a top priority. So, what does this rising wave of encryption mean for organisations, and what can they do about it?

Organisations at risk

The biggest benefit of traffic encryption is, of course, privacy. After all, if you’re shopping or banking online, you don’t want your credit card number or any other pieces of personally identifiable information (PII) to be seen by anyone else. To ensure that such privacy is maintained for Internet users, a variety of laws such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have been established around the world. However, the protective nature of encryption can easily be misused to