Zscaler’s 2021 Encrypted Attacks Report Reveals 314 Percent Spike in HTTPS Threats
Massive Increase in Cyber Attacks Targeting Technology and Retail Industries Confirms Immediate Need for Zero Trust Security
- Threats over HTTPS have increased more than 314 percent year-over-year, exceeding 250% growth for the second straight year.
- Attacks on tech companies increased by 2,300 percent year-over-year; attacks on retail and wholesale companies increased by 800 percent.
- Healthcare and government attacks saw a decrease in attacks year-over-year.
- The UK, U.S., India, Australia, and France are the top five targets of encrypted attacks.
- Malware is up 212 percent, and phishing is up 90 percent, whereas cryptomining attacks are down 20 percent.
SAN JOSE, Oct. 28, 2021 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of its annual State of Encrypted Attacks Report, which tracked and analyzed over 20 billion threats blocked over HTTPS, a protocol originally designed for secure communication over networks. This year’s study found an increase of more than 314 percent year-over-year across geographical areas that include APAC, Europe, and North America, underscoring the need for a zero trust security model and greater traffic inspection than most companies can achieve with legacy firewall-based security models.
Zscaler’s Zero Trust Exchange analyzes more than 190 billion daily transactions, extracting over 300 trillion signals which provides unmatched visibility to enterprise data at scale. ThreatlabZ research team leveraged these large data sets to provide unique insights into security risks posed by encrypted channels across key industries. Seven of the industries in the study experienced higher attack rates from threats in SSL and TLS traffic, while last year’s most-targeted industry, healthcare, saw a decrease of 27 percent since January 2021. Conversely, the technology industry was plagued by threats at a rate much higher than other types of businesses, accounting for 50 percent of attacks.
In today’s enterprise, more than 80 percent of internet-bound traffic is encrypted, which means that enterprises face the unique challenge of enforcing consistent security for all of their remote users. Cybercriminals are increasingly sophisticated in their tactics, and they’re using encrypted channels at various stages of malware and ransomware attacks.
“Most enterprise IT and security teams recognize this reality but often struggle to implement SSL/TLS inspection policies due to a lack of compute resources and/or privacy concerns,” said Deepen Desai, CISO and VP Security Research and Operations at Zscaler. “As a result, encrypted channels create a significant blind spot in their security postures. Zscaler’s new report on the state of encrypted attacks demonstrates that the most effective way to prevent encrypted attacks is with a scalable, cloud-based proxy architecture to inspect all encrypted traffic, which is essential to a holistic zero trust security strategy.”