With today’s release of Google Chrome 68, the much-promised ‘Not Secure’ tag now appears in the browser’s address bar for every site that doesn’t use HTTPS encryption.
The Web is Moving to HTTPS
This is the latest step in Google’s continuing mission to put pressure on websites to adopt HTTPS. The next step, promised for Chrome 70, will increase the visibility of the ‘Not Secure’ warning by switching it from its current black text to red.
Secured sites are currently displayed in green, but in Chrome 69 this is expected to be removed, as Google hopes everyone will understand that sites are using HTTPS by default unless the ‘Not Secure’ warning appears.
Google is also promoting Jigsaw, an open-source virtual private network (VPN) that allows anyone to set up and run their own ‘homebrew’ VPN.
Mozilla also joined the push towards HTTPS last year when Firefox 52 began marking form elements on HTTP sites as insecure, warning users that any login information could be compromised.
As a result, the majority of network traffic is now encrypted.
What it Means for Enterprise
The move to HTTPS and encryption is going to be a problem for most security solutions. While encryption does improve privacy, it also prevents security products from seeing the traffic. This can aid attackers by allowing them to hide their threats and communication channels from scrutiny by tools like network monitors. Encryption also makes it easier for phishing attacks and data exfiltration to sneak under the radar of many endpoint protection tools.
Given the prevalence and success of phishing attacks, this is a real concern for businesses. Phishing sites try to trick users into entering credentials or personal information that can lead to devastating compromises like ransomware. Our study of 500 business leaders showed that:
- 66% of enterprises experienced ransomware originating from phishing, email or social networks
- 44% experienced drive-by downloads caused by clicking on a compromised website
As attackers follow the trend and move their own sites to encrypted HTTPS, using security tools that cannot see into encrypted traffic creates a blind spot that could harm the organization.
SentinelOne Deep Visibility to the Rescue
Keeping your business safe in today’s world means protecting your endpoints. SentinelOne automatically mitigates evolving threat attempts, incident by incident, while Deep Visibility provides the ability to look into encrypted traffic and to reveal the chain of events leading to compromise attempts. This way, Deep Visibility protects your company and your workforce from data loss, data breach, phishing attempts and identity data leakage.