UK firms at risk from attacks on crypto keys, digital certificates

Jul 01, 2015

Sriram Srinivasan, a cyber security expert at 7Safe, a PA Consulting Group company is quoted in an article in SC Magazine commenting on a recent study which reveals that digital keys and certificates are in peril, especially at UK organisations.
The article explains that the biggest concern security professionals have is of a ‘Cryptoapolocalypse’-like event, where RSA and SHA encryption protocols are compromised and exploited, although misused enterprise certificates are also a problem.

Sriram says: “Cryptoapocalytic events where fundamental cryptographic algorithms are compromised would have far reaching consequences for businesses and governments world-wide and most businesses are poorly equipped to respond to such an event.
“Widespread theft of cryptographic keys and the compromise of certificates which underpin the security of modern IT and communication systems such as the recently alleged large scale theft of keys from a global SIM card manufacturer would also fall into the same category if they are in fact true.

“In our experience, most organisations today have policies and standards in place on the use of cryptography. However, with the growing complexity of modern IT systems, there is often a lack of understanding of the full extent of the proliferation of cryptographic keys and certificates within their environments.”

Sriram goes on to say: “Organisations also have poor understanding of the consequences arising from a compromise of their keys and certificates and often do not have a view on how they would respond. Too few organisations have robust systems in place for the ongoing inventory and management of keys and certificates. They must also ensure that they have a well-defined strategy supported by senior management to promote the on-going health and security of their cryptographic systems.”