Most infosec pros forget to change keys after a breach
Many companies don’t have systems in place to track all of the keys and certificates
That is the reality folks. Regrettably, the human element is a hacker’s greatest asset and yet many IT mangers and senior executives ignore this premise. According to Maria Korolov “One of the things that hackers look for when they break into an enterprise is encryption keys and security certificates, but most security professionals don’t know how to respond if the keys are compromised during a breach. That’s the result of a survey released today by security vendor Venafi, which canvassed 850 security professionals at last month’s RSA conference.”