Certificate expiry may seem like an abstract concept that looms somewhere in the indeterminate future, which could be why most organizations push the issue to the back burner. But when it eventually strikes, even giants aren’t spared. Certificate expiry has played Russian roulette with some of the top companies, like LinkedIn, Microsoft, and Ericsson, leading to losses that ran up to millions of dollars.
Here are four ways certificate expiry can wreak havoc on your business:
The expiry of just one SSL/TLS certificate can render whole websites insecure and disrupt services for all your customers around the world. Users are left in the lurch until the company involved takes corrective action and gets its services up and running. Case in point: Ericsson’s certificate expiry fiasco left millions of users without the ability to make calls, send SMS, or use their 4G connection.
This is a direct consequence of network outages. Enterprises have a client base that spans millions, and even a few minutes of service disruption could leave a crater in their revenue. Research by Ponemon Institute has shown that, on average, it costs a business $15 million to recover from a certificate-related outage. And this is just the cost incurred by the gap in business continuity; compliance failures can lead to losses amounting to well over $25 million.
SSL/TLS certificates form the core of PKI, the system that makes sure all communication pathways within a network are private, encrypted, and secure. When a certificate expires and is not renewed in time, it leaves the pathways open to intrusion, wherein a hacker could position themselves in the middle, intercept information that flows through these pathways, and exploit it. Research shows that banks are especially prone to these attacks, owing to the high stakes involved.
Brand Image Damage
The above-mentioned damages, which are physical in nature, can be recovered from gradually by throwing around some serious money and implementing the appropriate mitigation measures. But in the eyes of customers, both current and potential, the company’s reputation would’ve fallen a notch. Customers trust a company to provide them with uninterrupted services and keep their data confidential, and failing to do either or both could have lasting repercussions, either in the form of existing customers dropping off or a drop in new customers. Although companies are usually upfront about such incidents, loss of trust is something that cannot be easily mended. It is estimated that brand image damage alone costs a company up to $13 million a year.
Sounds scary, right? If you want to save your organization from a similar fate, it’s time you got your certificate management sorted. AppViewX’s CERT+ keeps your security system in the pink of health by automating certificate management from start to end. It discovers certificates, monitors them throughout their lifecycle, and alerts you when they approach expiry. What’s more, it’s tightly integrated with all popular CAs, so you can renew, revoke, and provision certificates with a single click. Try CERT+ now, or book a demo with us.