sb-au logo
Story image

Govts risk cyber attacks if they continue to demand encryption backdoors

27 Aug 2019

Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals.

With election time looming, backdoors are perfect targets for cyber attackers who look to target election infrastructure.

It was only last year with ‘Five Eyes’ nations (United States, Canada, United Kingdom, Australia, and New Zealand) were lobbying for technology providers to build backdoors into their solutions.

According to 384 IT professionals polled at Black Hat USA 2019, 74% believe that countries with government-mandated encryption backdoors are more susceptible to nation-state attacks.

Furthermore, many professionals believe that backdoors won’t make countries any safer – 72% believe laws that allow governments to access encrypted personal data will not make countries safer from terrorists.

“Last month, the U.S. Senate Intelligence Committee reported that election systems in all 50 states were targeted by Russia during the 2016 election,” comments Venafi’s vice president of security strategy and threat intelligence, Kevin Bocek.

“We know that encryption backdoors dramatically increase security risks for every kind of sensitive data, and that includes all types of data that affects our national security. The IT security community overwhelmingly agrees that encryption backdoors would have a disastrous impact on the integrity of our elections and on our digital economy as a whole.”

70% of security professionals believe countries with government-mandated encryption backdoors are at an economic disadvantage in the global marketplace; and 84% would never knowingly use a device or program from a company that agreed to install a backdoor.

“On a consumer level, people want technology that prioritises the security and privacy of their personal data,” Bocek adds.

“This kind of trust is priceless. Encryption backdoors would not only make us much less safe at a national level, they also clearly have the potential to inflict significant economic and political damage.” 

Venafi states that many government and law enforcement officials across the world either believe that the risks encryption backdoors bring are worth it if they can be used to catch malicious actors, or think that there is a technical solution that can mitigate these risks. “Information security professionals overwhelmingly disagree with these beliefs,” Venafi concludes.

Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise - on premises, mobile, virtual, cloud and IoT - at machine speed and scale.

Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
Tesserent to acquire Secure Logic's managed security services business
Secure Logic delivered an audited turnover of $9 million in FY 2020 and a $4.2 million EBITDA, with reportedly ‘strong’ earnings going into FY 2021.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More
Story image
Hackers offering forged “official” COVID vaccination certificates and negative test results on dark net 
There has been a 350% increase in the number of advertisements selling alleged COVID vaccines within the last three months.More