sb-au logo
Story image

Govts risk cyber attacks if they continue to demand encryption backdoors

27 Aug 2019

Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals.

With election time looming, backdoors are perfect targets for cyber attackers who look to target election infrastructure.

It was only last year with ‘Five Eyes’ nations (United States, Canada, United Kingdom, Australia, and New Zealand) were lobbying for technology providers to build backdoors into their solutions.

According to 384 IT professionals polled at Black Hat USA 2019, 74% believe that countries with government-mandated encryption backdoors are more susceptible to nation-state attacks.

Furthermore, many professionals believe that backdoors won’t make countries any safer – 72% believe laws that allow governments to access encrypted personal data will not make countries safer from terrorists.

“Last month, the U.S. Senate Intelligence Committee reported that election systems in all 50 states were targeted by Russia during the 2016 election,” comments Venafi’s vice president of security strategy and threat intelligence, Kevin Bocek.

“We know that encryption backdoors dramatically increase security risks for every kind of sensitive data, and that includes all types of data that affects our national security. The IT security community overwhelmingly agrees that encryption backdoors would have a disastrous impact on the integrity of our elections and on our digital economy as a whole.”

70% of security professionals believe countries with government-mandated encryption backdoors are at an economic disadvantage in the global marketplace; and 84% would never knowingly use a device or program from a company that agreed to install a backdoor.

“On a consumer level, people want technology that prioritises the security and privacy of their personal data,” Bocek adds.

“This kind of trust is priceless. Encryption backdoors would not only make us much less safe at a national level, they also clearly have the potential to inflict significant economic and political damage.” 

Venafi states that many government and law enforcement officials across the world either believe that the risks encryption backdoors bring are worth it if they can be used to catch malicious actors, or think that there is a technical solution that can mitigate these risks. “Information security professionals overwhelmingly disagree with these beliefs,” Venafi concludes.

Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise - on premises, mobile, virtual, cloud and IoT - at machine speed and scale.

Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

Story image
Keyfactor and Primekey announce partnership to automate PKI
“PrimeKey and Keyfactor share a mutual respect and mission to provide trust and security in zero-trust networks and manufacturing environments.”More
Story image
Surge in encrypted malware prompts warning about detection strategies
“If you are not decrypting and scanning your secure web connections, you are likely missing a large majority of malware,” the report states.More
Story image
Cyber attacks keeping business leaders up at night, new research finds
Data breaches and insider threats are keeping organisations up at night, according to new research from KnowBe4, the security awareness training and simulated phishing platform.More
Story image
Fortinet’s Security Fabric: Optimised for a remote workforce
Cornelius Mare, Fortinet A/NZ Director Security Solutions, explains how a comprehensive security fabric can help protect and enable a mobile / remote workforce.More
Story image
54% rise in gaming-related cyber attacks recorded in April
Social isolation measures, widely implemented throughout the world during March and April, has been linked to both the increase in engagement for gaming and a corresponding boom in game-related cyber attacks.More
Story image
Why DX is not complete without a transformed security architecture
Secure Access Services Edge (SASE) is the process by which core WAN edge capabilities like SD-WAN, routing, and WAN optimisation at branch locations are integrated with cloud-based security services like secure web gateways, firewall-as-a-service, cloud access security brokers, and more.More