“Encrypted.” It’s a comforting word these days, especially when you’re purchasing something online. Just seeing the word on your screen when you’re about to enter your credit card details makes you breathe a little easier. Quite reasonably you think, “Oh, this transaction is encrypted; I’m safe.”
In theory, encryption is an ironclad guarantee that outside parties won’t be able to access our payment details, passwords, or our web usage habits. Problem is, there’s really no such thing as an ironclad guarantee when it comes to technology.
One thing is for certain: encryption has grown in importance. The Electronic Frontier Foundation recently reported that half of all web traffic is now encrypted. And it’s no passing fad. Encrypted traffic has been increasing by more than 90 per cent year over year, and Gartner research tells us that more than 80 per cent of enterprise web traffic will be encrypted by 2019.
It would be difficult to argue that encryption technology has been a bad thing; encryption has made it possible for individuals and enterprises alike to enjoy a higher level of privacy and security. The garden variety web user will look at encryption at a surface level, thinking more encryption means a safer web experience.
But there is another face to encryption. For technology teams around the world, the coming tidal wave of encrypted web traffic means more work; in specific terms, it means a torrent of traffic they will be unable to analyze without robust decryption technology. Meanwhile, you have an army of bad actors from Beijing to Boston who can and do launch attacks via encryption which, after all, can hide malware in its folds, just as it hides critical data.
To some, this might seem like a whole lot of needless hand-wringing. However, when you have a 2016 industry study reporting that three-quarters of IT experts surveyed believe malware could steal employee credentials from the networks they work so hard to keep secure, you know the hand-wringing is justified.
Gartner believes that by 2020, more than 60 per cent of corporate IT teams will be struggling to decrypt HTTPS traffic efficiently. By then, the same research firm predicts 70 per cent of web malware will be hidden in encrypted traffic.
What this means is that companies must start — today — placing more focus on decryption. To use the imagery of a tsunami: the wave is coming; it might be 20 miles off shore today in 2017, but make no mistake, it’s on its way.
The white paper “Encrypted Traffic Analytics” provides timely information on an advanced analytic solution to help companies detect cyber-threats hidden in encrypted web traffic.