Proprietary Research from Quantum Xchange Shows the Dreadful State of Enterprise Cryptography

More than Half of All Network Traffic is Unencrypted and Up to 80 Percent Has Some Hackable Flaw in Its Encryption

BETHESDA, Md.--()--Quantum Xchange, the enterprise crypto-management company, has conducted research exposing the widespread use of old, outdated cryptographic protocols by enterprises in finance, healthcare, higher education, retail, and manufacturing. The research underscores how cryptography is largely taken for granted – rarely evaluated or checked – a practice that could have devastating consequences for businesses as attack surfaces continue to expand, the cost of a data breach rises year-over-year, and the age of quantum computing nears.

Mining data from CipherInsights’ users, examining more than 203 terabytes of network traffic, the analysis looked at the relationships, sessions, and traffic for ciphersuites, plaintext, TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0, and SSL v3. The total sum of all packets, for all connections, between all pairs found up to 80 percent of network traffic had some defeatable flaw in its encryption and 61 percent of the traffic was unencrypted. See infographic for full results.

Findings indicate that healthcare and higher education are slow to change with a significant presence of TLS 1.1 and 1.0 in use. More alarming still, up to 92 percent of all traffic on a hospital network uses no encryption at all. This suggests a laissez faire attitude and general reluctance to update “working” systems that are in production.

87 percent of encrypted, host-to-host relationships still use TLS 1.2, demonstrating that a large migration to TLS 1.3 is still forthcoming – not a trivial upgrade given the significant differences between versions.

“These findings serve as a snapshot of what’s taking place within enterprise systems worldwide,” said Vince Berk, Chief Strategist at Quantum Xchange. “Zero trust is meaningless if your encryption is not bulletproof. We’re trying to bring awareness to the here-and-now problem with cryptography so that organizations can shore up these weaknesses and better protect their systems from everyday cybersecurity risks and yet-to-be-discovered threats.”

Launched in June 2023, the real-time cryptographic risk, discovery, and assessment tool CipherInsights acts as a passive listener on the network. Unlike scanning tools that can only inspect certificates and cryptographic libraries that are installed on endpoints, CipherInsights performs analysis on traffic as it passes by, identifying and classifying the encryption, both sanctioned and unsanctioned, that is in use on the network. This gives users near-immediate insights into how encryption is operating, not just how it is deployed, which is a requirement for the new standards such as PCI-DSS 4.0, as well as many cyber insurance policies.

With CipherInsights users can:

  • Identify the use of outdated protocols like TLS 1.1, SSL 3.0, MD5 or SHA-1.
  • Satisfy the encryption inventory requirements for the new PCI-DSS 4.0, H.R. 7535, and others.
  • Spot weakly signed, untrustworthy, wildcarded, self-signed, or expired certificates.
  • Alert on communications such as user authentication and database traffic that should be encrypted but appear in clear text.
  • Discover, catalog, and prioritize cryptographic risk based on the zero-trust framework.
  • Generate detailed reports that can be directly submitted to regulatory bodies or used for internal audits.
  • Enforce policies and manage organizational progress toward crypto-agility.
  • Be better prepared for the next phase of computing and whatever threats lie ahead.

Register to attend the Dec. 6 webinar and see first-hand how CipherInsights can be used to achieve full cryptographic clarity.

About Quantum Xchange

Quantum Xchange protects the world’s data in motion from advances in computing and everyday cybersecurity risks. Delivering the future of encryption with its award-winning, cryptographic management platform, Phio Trusted Xchange (TX) and network monitoring and risk assessment tool CipherInsights, commercial businesses and government agencies can bring existing IT infrastructure and SD-WAN environments into the post-quantum era easily, affordably, and through policy configuration and control. To learn more about future-proofing your data from whatever threat awaits, watch the explainer video and visit QuantumXC.com for the latest company news and events.

Contacts

April Burghardt
CMCO at Quantum Xchange
april.burghardt@quantumx.com