To rate TLS/SSL configuration management performance, we examined whether security protocol libraries support strong encryption standards when making connections to other machines. Incorrect or weak TLS/SSL configurations result in infrastructure becoming more vulnerable to potential attack.
To calculate the grades (A-F) associated with the TLS/SSL Certificate and Configuration Management risk vector, BitSight examines a variety of parameters. These include, but are not limited to, the presence of insecure or obsolete protocols, the strength of encryption keys and hashing algorithms, and the presence of self-signed and/or expired certificates. Click here to learn more about how BitSight Security Ratings are calculated.
As noted above, more than 76% of the Healthcare sector is at heightened risk of ransomware due to poor TLS/SSL configuration management. Only 25% of Healthcare sector organizations scored an “A” in TLS/SSL Configurations, making them less likely to experience a ransomware attack. 15% scored “B”, 28% scored “C”, and 33% were in the “D” or “F” range. Companies with a C grade or lower in TLS/SSL Configuration are nearly four times more likely to be a ransomware victim, concerning for over 50% of organizations in the healthcare sector.
Last year, The National Institute of Standards and Technology (NIST) released a highly detailed report on TLS certificate management. According to the report:
To effectively address the risks and organizational challenges related to TLS server certificates and to ensure that they are a security asset instead of a liability, organizations should establish a formal TLS certificate management program with executive leadership, guidance, and support. The formal TLS certificate management program should include clearly defined policies, processes, and roles and responsibilities for the certificate owners and the Certificate Services team, as well as a central Certificate Service.
Additionally, the report offers actionable steps to address security risks associated with TLS/SSL certificate management, such as:
To learn more about protecting your healthcare organization, download our “Ransomware in the Healthcare Industry” eBook. For more insight into the potential risks living on our network, including TLS/SSL misconfigurations, request a BitSight demo.
Recent BitSight research shows that 76% of healthcare organizations may be at increased risk of ransomware attacks due to poor TLS/SSL configuration management.
TLS/SSL certificate and configuration management presents a considerable...
Recent BitSight research shows healthcare organizations that display poor patching cadence can be up to 7x more likely to experience ransomware.
Ransomware attacks on Scripps Health in San Diego, Ireland’s national health service, and...
Ransomware is rapidly becoming the most common form of cyberattack. According to the Verizon 2021 Data Breach Investigations Report, ransomware incidents have doubled year-over-year with headline-grabbing consequences.