Security News > 2020 > July > The TLS 1.2 Deadline is Looming, Do You Have Your Act Together?
As experts in measuring and monitoring third-party risk, RiskRecon and the data scientists from Cyentia Institute recently published a new report that leveraged unique scan data from millions of web servers around the world, via the RiskRecon platform, to see where the rollout of TLS 1.2 is going smoothly and where it is meeting resistance.
Together with its precursor SSL, TLS has long been in the crosshairs of both attackers and security researchers who understand that a weak or non-existent deployment of the protocol makes it trivial enough to carry out man-in-the-middle and other attacks against the vulnerable target.
Digging deeper into the analysis, the data scientists found that many, many organizations don't support TLS 1.2 across all of their deployments, and a lot of the holes are found on servers that deal with private data.
Sectors such as Education, Energy, and Public Administration have struggled to implement TLS 1.2 protocols.
If we restrict our view to just these high-value hosts, we can zero in on where the lack of TLS 1.2 represents a substantial risk: 1 in 10 organizations transmit private information over flawed protocols.