
AU & NZ: An event worse than Y2K, are you protected?

07 Sep 2016

On January 1st, 2017, an event significantly worse than Y2K will take place.

Over time, SHA-1 has become vulnerable and in January next year, browsers such as Google Chrome and Microsoft Explorer will start rejecting SHA-1 certificates.

Cyber security company Venafi is advising Australian and New Zealand businesses to migrate to SHA-2 before the expiry date, and before it’s too late.  

If you’re not already familiar, SHA-1 is one of several cryptographic hash functions, most often used to verify that a file has been unaltered.

Jeff Hudson, CEO of Venafi, a market-leading cyber security company, says the SHA-1 expiration will be 1,000 times worse than Y2K.

“People were ready and understood Y2K, even though it turned out to be a non-event,” states Hudson.

He explains that SHA-1 was introduced back in 1995, but the internet was a very different place back then.

“Looking forward to now, computer power is far more advanced and SHA-1 is now known to be vulnerable to attack,” he explains.

“As technology progresses so must our security instruments,” he says.

Hudson explains that by the 1st of January, websites that haven’t migrated will not be authenticated properly.

“The effect will be that websites will not be trusted and the users will be notified of that. It will look very bad to web site visitors and will do brand and reputation damage,” he says. 

The cyber security CEO adds that there are three cryptographic mistakes businesses are making today.

Number one is not having visibility on where their keys and certificates are located, the next is having zero automation in place to ensure certificates and keys don’t expire, and the third is not having the ability to move fast enough when something goes wrong.

“Any organisation needs to ensure their network is safe, and to ensure this is happening you need to have visibility on every certificate,” explains Hudson.

“This is impossible for humans to manage, because of the sheer volume of certificates and the speed at which changes occur. It requires a platform that can provide intelligent visibility and automate the secure lifecycle,” he says.

While it’s imperative that businesses migrate to SHA-2, Hudson says that it is a bit of an arduous task (but with obvious benefits).

“We are finding this is taking months for some companies. For many Venafi clients, the migration took place in a matter of days,” he says.

“SHA1 is a real threat, but people don’t understand and are not ready for the repercussions of what is going to happen on January 1st 2017.”
