SSL 3.0 and TLS 1.0 are still in use. When will companies realize that the threat is real?
Quantum Xchange warns about the growing risks associated with the use of outdated cryptographic protocols. According to the researchers, the lack of proper evaluation and verification of cryptographic protection can lead to serious consequences for business, especially given the growing cost of data leaks and the approaching era of quantum computing.
After analyzing more than 200 terabytes of network traffic, Quantum Xchange experts found that up to 80% of traffic contains encryption vulnerabilities, and 61% of data is not encrypted at all. Approximately 56.5% of unidirectional TCP or UDP connections do not use encryption, which is a worrying indicator.
However, the biggest concern is the continued use of legacy protocols, including TLS 1.0 and even SSL 3.0, which are still widespread in industries such as healthcare and higher education.
But there are worse things than outdated protocols — the absence of any encryption at all. So, 92% of traffic in the field of hospitals and healthcare is not encrypted at all, which definitely causes confusion and alarm.
"This data is a snapshot of what's happening in enterprise systems around the world," says Vince Burke, chief strategy officer at Quantum Xchange.
"The concept of zero trust is meaningless if your encryption is flawed. We aim to draw attention to the current problem of cryptography so that organizations can address these weaknesses and better protect their systems before it's too late," Burke concluded.
Quantum Xchange warns about the growing risks associated with the use of outdated cryptographic protocols. According to the researchers, the lack of proper evaluation and verification of cryptographic protection can lead to serious consequences for business, especially given the growing cost of data leaks and the approaching era of quantum computing.
After analyzing more than 200 terabytes of network traffic, Quantum Xchange experts found that up to 80% of traffic contains encryption vulnerabilities, and 61% of data is not encrypted at all. Approximately 56.5% of unidirectional TCP or UDP connections do not use encryption, which is a worrying indicator.
However, the biggest concern is the continued use of legacy protocols, including TLS 1.0 and even SSL 3.0, which are still widespread in industries such as healthcare and higher education.
But there are worse things than outdated protocols — the absence of any encryption at all. So, 92% of traffic in the field of hospitals and healthcare is not encrypted at all, which definitely causes confusion and alarm.
"This data is a snapshot of what's happening in enterprise systems around the world," says Vince Burke, chief strategy officer at Quantum Xchange.
"The concept of zero trust is meaningless if your encryption is flawed. We aim to draw attention to the current problem of cryptography so that organizations can address these weaknesses and better protect their systems before it's too late," Burke concluded.
