Story image

AU & NZ: An event worse than Y2K, are you protected?

07 Sep 16

On January 1st, 2017, an event significantly worse than Y2K will take place.

Over time, SHA-1 has become vulnerable and in January next year, browsers such as Google Chrome and Microsoft Explorer will start rejecting SHA-1 certificates.

Cyber security company Venafi is advising Australian and New Zealand businesses to migrate to SHA-2 before the expiry date, and before it’s too late.  

If you’re not already familiar, SHA-1 is one of several cryptographic hash functions, most often used to verify that a file has been unaltered.

Jeff Hudson, CEO of Venafi a market leading cyber security company, says the SHA-1 expiration will be 1,000 times worse than Y2K.

“People were ready and understood Y2K, even though it turned out to be a non-event,” states Hudson.

He explains that SH-1 was introduced back in 1995 but the internet was a very different place back then.

“Looking forward to now, computer power is far more advanced and SHA-1 is now known to be vulnerable to attack,” he explains.

“As technology progresses so must our security instruments,” he says.

Hudson explains that by the 1st of January, websites that haven’t migrated will not be authenticated properly.

“The effect will be that websites will not be trusted and the users will be notified of that. It will look very bad to web site visitors and will do brand and reputation damage,” he says. 

The cyber security CEO adds that there are three cryptographic mistakes businesses are making today.

Number one is not having viability on where their keys and certificates are located, the next is having zero automation in place to ensure certificates and keys don’t expire, and the third is not having the ability to move fast enough when something goes wrong.

“Any organisation needs to ensure their network is safe, and to ensure this is happening you need to have visibility on every certificate,” explains Hudson.

“This is impossible for humans to manage, because of the sheer volume of certificates and the speed at which changes occur. It requires a platform that can provide intelligent visibility and automate the secure lifecycle,” he says.

While it’s imperative that businesses migrate to SHA-2, Hudson says that it is a bit of an arduous task (but with obvious benefits).

“We are finding this is taking months for some companies. For many Venafi clients, the migration took place in a matter of days,” he says.

“SHA1 is a real threat, but people don’t understand and are not ready for the repercussions of what is going to happen on January 1st 2017.”

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Kiwis concerned about being scammed – survey
This unease is warranted given the growing sophistication of scammers and their activities, and numbers of attempted fraud.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Interview: Aruba’s NZ country manager talks channel strategy
“What we're taking to market is that message around simplification and having everything in one place.”
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.