Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy.
However, organizations with a commitment to data privacy aren’t the only ones who see value in obscuring their digital footprint in encrypted traffic. Cybercriminals have been quick to weaponize encryption as a means to hide their malicious activity in otherwise benign traffic.
Gartner shared that 70 percent of malware campaigns in 2020 used some type of encryption. And Zscaler is blocking 733 million encrypted attacks per month this year, an increase of 260 percent over 2019.
According to a Joint Cybersecurity Advisory issued by the FBI, CISA, the U.K. National Cyber Security Centre and the Australian Cyber Security Centre, encrypted protocols are used to mask lateral movement and other advanced tactics in 60 percent