NSS Labs: Encrypted Web Traffic on the Rise

Cyber security research and testing company NSS Labs is seeing a stark rise in enterprises using both Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption to secure transmissions of private data over the internet, a good sign for companies looking to control access and confidentiality, and reduce exposure to protocol–specific attacks.

NSS Labs research saw SSL/TLS encrypted internet traffic grow 90% year-over-year in July 2016, and is now predicting that 75% of all web traffic will be encrypted by 2019, as more companies look to secure private data like credit cards, passwords and personal information.

“The increase in secure web transactions is encouraging since this means sensitive information is being protected,” said NSS Labs research director Jason Pappalexis. “However, encryption also creates a false sense of security since threats can be missed because they are now hidden within the packet payload that is encrypted. It is imperative that security solutions are validated so that they are addressing this.”

NSS Labs saw nearly 41% of web sites were encrypting their traffic by default in July, up from 21.3% the year before, and 97% of enterprises surveyed said they’ve noticed the increase in encrypted web traffic. More than 40% of the world’s most-visited sites are encrypted by default, but encryption doesn’t necessarily mean secure, NSS Labs stressed: Many organizations just don’t have the ability to scan all inbound encrypted content.

“NSS Labs has seen a rise in the number of attacks that utilize encryption to bypass security controls, underlining the need for solutions,” the company said. “A security product cannot protect against an attack that it cannot see.”