Sobering Examples of Companies Failing to Safeguard SSL Certificates

“SSL certificate”: you probably know the term but might not understand just how important it is. Global cybercrime is expected to hit a staggering $2 trillion by 2019, so if there was ever a moment to understand the vital role of the SSL certificate in keeping the web safe, it is now.

Not having a functioning SSL certificate is serious stuff, as CBS reports that “In 2014, 47% of American adults had their personal information stolen by hackers — primarily through data breaches at large companies.” If you didn’t recognize that a site wasn’t safe to use before, then you will now, as Google Chrome provides a report in the address bar as to whether the site should be used to pass on personal data, such as credit card information.

Even with SSL checkers available, a huge number of sites still don’t have an effective SSL certificate, and whilst many of these belong to small businesses who may not know any better, a worrying number of large-scale websites are in the same boat. Keeping up with new technology is clearly important in the construction industry, but this is definitely one area where you can’t afford to lose track, even for a second, as these companies found out.

LinkedIn

For one day in December 2017, millions couldn’t access the UK, US, and CA versions of the site due to an expired SSL certificate. What’s worse is that many users were somehow able to access the site, but were doing so without a secure connection – and there’s a lot of personal data at risk on a LinkedIn profile.

Kaspersky

For a cybersecurity company and provider of antivirus software, it is hard to see how its own SSL certificates could contain bugs, but that’s just what happened to Kaspersky early in 2017. The bug, which disabled certificates for around 400 million users, was actually discovered by Google’s Tavis Ormandy, who described the certificates as far too weak to stand up to today’s hackers.

The UK’s Conservative Party

In January 2018, the Conservative Party’s very own website went down for several hours when it was discovered that they had failed to renew the SSL certificate. This is perhaps the most common online security problem websites face, as many site owners believe that once an SSL certificate is purchased, it’s there for life. SSL certificates must be renewed at specific times, and even though the provider sends reminders, many owners fail to notice them or simply ignore them. When these security gaps occur, it is the perfect time for hackers to infiltrate and potentially steal private information.
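A renewal check of the kind the LinkedIn and Conservative Party outages call for, as an added example that is not part of the original article. The hostnames, dates and function names are constructed for illustration, and the certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Constructed inventory: hostnames and dates are made up. Each value has the
# shape of the dict returned by ssl.SSLSocket.getpeercert().
SAMPLE_INVENTORY = {
    "www.example.test": {"notAfter": "Jan  8 12:00:00 2018 GMT"},
    "shop.example.test": {"notAfter": "Feb  1 00:00:00 2018 GMT"},
    "api.example.test": {"notAfter": "Nov 30 23:59:59 2018 GMT"},
}

def not_after(cert):
    """Parse the certificate's notAfter field into an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notAfter"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def classify(cert, now, warn_days=30):
    """EXPIRED if past notAfter, RENEW_SOON inside the warning window, else OK."""
    expires = not_after(cert)
    if expires <= now:
        return "EXPIRED"
    if expires - now <= timedelta(days=warn_days):
        return "RENEW_SOON"
    return "OK"

def audit(inventory, now, warn_days=30):
    """Return (host, status, expiry) rows, soonest expiry first."""
    rows = [(h, classify(c, now, warn_days), not_after(c)) for h, c in inventory.items()]
    return sorted(rows, key=lambda row: row[2])

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live certificate (needs network). A verified handshake rejects an
    already-expired certificate, so that case is reported from the error."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert(), None
    except ssl.SSLCertVerificationError as exc:
        return None, exc.verify_message

if __name__ == "__main__":
    # Constructed "today" so the sample output is reproducible.
    today = datetime(2018, 1, 10, tzinfo=timezone.utc)
    for host, status, expires in audit(SAMPLE_INVENTORY, today):
        print(f"{status:<10} {host:<20} expires {expires:%Y-%m-%d}")
```

Run on a schedule against every public hostname, a check like this raises the alarm independently of the provider's reminder e-mails.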

Fox-IT

Finally, much like Kaspersky, Fox-IT is one of the world leaders in providing IT security, but even it couldn’t escape an SSL problem in 2017. Granted, the way in which the hacker gained access to information belonging to clients of Fox-IT was incredibly sophisticated, but it still goes to show how vulnerable online security can be. A detailed timeline of how the attack took place is a fascinating read, and despite Fox-IT becoming aware of the issue about 10 hours after it took place, the company obviously has a way to go to compete against hackers in this day and age.
