1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Most infosec pros forget to change keys after a breach

Discussion in 'CSO' started by RSS, Jun 8, 2015.

  1. RSS

    RSS New Member Member

    One of the things that hackers look for when they break into an enterprise is encryption keys and security certificates, but most security professionals don't know how to respond if the keys are compromised during a breach.

    That's the result of a survey released today by security vendor Venafi, which canvassed 850 security professionals at last month's RSA conference.

    "You saw in the Sony breach that there were dozens of keys and certificates exposed as part of the data theft," said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.

    MORE ON CSO: 10 mistakes companies make after a data breach

    But only 8 percent of the security professionals surveyed said that they would fully remediate against a Sony-like attack by replacing potentially compromised keys and certificates.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page