Most infosec pros forget to change keys after a breach
One of the things that hackers look for when they break into an enterprise is encryption keys and security certificates, but most security professionals don’t know how to respond if the keys are compromised during a breach.
That’s the finding of a survey released today by security vendor Venafi, which canvassed 850 security professionals at last month’s RSA Conference.
“You saw in the Sony breach that there were dozens of keys and certificates exposed as part of the data theft,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
But only 8 percent of the security professionals surveyed said that they would fully remediate against a Sony-like attack by replacing potentially compromised keys and certificates.