SSL certificate research highlights pitfalls for company data, competition

Research into how enterprises handle and deploy security certificates has revealed risks to data that may be overlooked.

On Thursday, the Detectify Labs team published a report based on the initial analysis of public SSL/TLS certificates, conducted from June 2021.

The team says that there are “pitfalls” to the deployment of these certificates that “can lead to company data being exposed or compromised by malicious actors.”

SSL/TLS certificates, issued by certificate authorities (CAs), are used to authenticate and secure connections made through a browser. Encryption is used to protect communication streams during online sessions.

When important information is transferred, such as when personal data is submitted or financial transactions are performed, encryption via certificates is key to preventing theft, eavesdropping, and man-in-the-middle (MitM) attacks.

“SSL/TLS certificates make the internet a safer place, but many companies are unaware that their certificates can become a looking glass into the organization — potentially leaking confidential information and creating new entry points for attackers,” the cybersecurity researchers said. 

The Detectify analysis included the examination of over 900 million SSL/TLS certificates and associated events generated from issuing organizations including Google, Amazon, Let’s Encrypt, and DigiCert, made possible through public data points. While the

Read More: https://www.zdnet.com/article/ssl-certificate-research-highlights-pitfalls-for-company-data/#ftag=RSSbaffb68