More than half of web traffic is now encrypted, according to the Electronic Frontier Foundation (EFF). That’s a big win for businesses and all of us, since it guards against eavesdropping and tampering with content as it moves from device to server and back again.
The move from http to https has been driven in large part by Google, which highlighted http sites as unsecure and made encryption a ranking factor for its search results, pushing more and more businesses to adopt it.
Of course this rise in encryption comes with one big, obvious downside. Hackers too now use encryption for their attacks, making them harder to spot amidst a stream of encrypted traffic.
Attacks that weaponize two common encryption protocols, Secure Sockets Layer (SSL) and Transport Layer Security (TLS), are on the rise. Some 39 percent of organizations experienced an SSL or TLS attack in 2016, but only a quarter said they were confident they could detect and mitigate them. Beyond this, recent research found that there were twice as many encrypted malware payloads in the first six months of 2017 than the whole of 2016.
Stopping them is easier said than done. Many businesses are left in the dark, struggling to distinguish good traffic from bad when it’s all encrypted. But there are steps organizations can take to avoid becoming the next victim