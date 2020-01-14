Some of the world’s largest enterprises—Equifax, Asus, Ericsson—have been victims of breaches or outages, all with dramatic results. Their efforts to get ahead of these threats seem fruitless. If you are not asking, “ if those companies were breached, how safe is mine?”, you should be.

The tools we use daily to make our lives easier can also produce our biggest nightmares. At work, at home and in between, our connected devices share information over open networks: laptops, phones, “smart” devices, appliances, and even medical apparatus like pacemakers and insulin pumps. This all amounts to massive data production – 2.5 quintillion bytes every day. So how can we secure all that data?

Companies make immense efforts to secure their connected networks, typically spending millions on security systems. Still, the risk of breaches or network and application outages is increasing exponentially. Equifax and the others are just examples that show it’s not a matter of if, but when an organization will be hit, and how prepared it is to face it.

The reality is that security is defined by trust—trust in the organization, its diligence, its commitment, it’s savvy. Without trust and competence, breaches and outages are inevitable. This is the essence of the Exposure Epidemic – and as with any widespread disease, everyone is subject to infection.

Revisiting the immense amounts of data passing through millions of connecting points, a company should be able to validate if each of those points can be trusted, and then act accordingly. But how can a company do that, when this plethora of data increases the cyberattack surface and the risk of breaches?

The easy answer? Digital certificates. Just as individuals use usernames and passwords, companies use digital certificates to secure devices and applications to determine if the data passing through can be trusted or not. When digital certificates are mismanaged, compromised, or expired, the door to an Exposure Epidemic is left wide open.

There is a commonality among the most recent egregious breaches:

Equifax suffered a breach— because of a single expired digital certificate — that impacted 148 million of its customers.

A day-long outage impacting more than 60 million mobile network users in the U.K. and Japan was also the result of one expired certificate.

ASUS was the victim of hackers hijacking and using an unprotected key to push malware to more than half a million unsuspecting users of ASUS manufactured devices.

Obviously, without proper management, keys and certificates originally intended to help identify trusted data can now easily be used as weapons against organizations. Incredulously, this side of security is often overlooked.

Our collective efforts must be to find the right technology and processes to effectively manage digital certificates. Otherwise, we are ill-equipped to protect our businesses and customers from the Exposure Epidemic.